Forwarded from e RISKS digest: >Date: Thu, 17 Feb 2000 09:28:42 -0500 >From: "Jeremy Epstein" <[EMAIL PROTECTED]> >Subject: YAIESB: Yet Another Internet Explorer Security Bug > >Under certain circumstances, a web server can force an IE client to serve up >the contents of a file on a local hard drive. The server needs to >know/guess the name of the file to be retrieved. The vulnerability only >exists if you have Active Scripting available for the security zone (yet >another reason to turn it off!) > >MS says "The vulnerability exists because it is possible, under very >specific conditions, to violate IE�s cross-domain security model in order to >allow a web site to read data that it should be prevented from reading." > >An interesting feature is that if you try to install the patch on a machine >running IE 4.01 with SP1, the install states that the patch isn't needed >(when in fact it really is). The only solution is to "upgrade" to a newer >version of IE. Although MS warns of this on their web page, I wonder how >many people will get a false sense of security when told they don't need the >security patch. > >See http://www.microsoft.com/technet/security/bulletin/ms00-009.asp > >--Jeremy
