Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
Image Source Redirect Vulnerability
A security vulnerability exists in Internet Explorer which could allow a malicious Web site operator to view files on your computer when you visit a Web page that contains a JavaScript Uniform Resource Locator (URL) in an IMG (image) tag.
Issue
When a web server navigates a window from one domain into another one, the IE security model checks the server's permissions on the new page. However, it is possible for a web server to open a browser window to a client-local file, then navigate the window to a page that is in the web site's domain in such a way that the data in the client-local file is accessible to the new window. The data would only be accessible to the new window for a very brief period, but the result is that it could be possible for a malicious web site operator to view files on the computer of a visiting user. The web site operator would need to know (or guess) the name and location of the file, and could only view file types that can be opened in a browser window. If the malicious site is in a Security Zone that does not allow Active Scripting, the vulnerability can not be exploited.
Affected Products
- Internet Explorer 4.0, 4.01, 5.0 and 5.01
Download
Patch: http://www.microsoft.com/windows/ie/download/critical/patch6.htm
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: February 16, 2000
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
