VULHUB ™

Microsoft has announced the discovery of a vulnerability in Internet Explorer that could potentially allow an attacker to execute arbitrary code within an otherwise inaccessible zone. The problem lies in the method under which Internet Explorer handles cached browser data, potentially making it possible for a malicious web script to access data within the My Computer zone. Successful exploitation of this vulnerability could theoretically allow an attacker to access file contents or potentially execute a file already present on the local filesystem within the My Computer zone. This may have high implications, specifically due to the My Computer zone being less restrictive then the Internet zone. It may also be possiblef or an attacker to download a malicious executable into the users Temporary Internet Files and subsequently execute it, possibly with the victim users privileges. This vulnerability affects Internet Explorer 5.01, 5.5, and 6.0.

Microsoft has announced the discovery of a vulnerability in Internet Explorer that could potentially allow an attacker to execute arbitrary code within an otherwise inaccessible zone. The problem lies in the method under which Internet Explorer handles cached browser data, potentially making it possible for a malicious web script to access data within the My Computer zone. Successful exploitation of this vulnerability could theoretically allow an attacker to access file contents or potentially execute a file already present on the local filesystem within the My Computer zone. This may have high implications, specifically due to the My Computer zone being less restrictive then the Internet zone. It may also be possiblef or an attacker to download a malicious executable into the users Temporary Internet Files and subsequently execute it, possibly with the victim users privileges. This vulnerability affects Internet Explorer 5.01, 5.5, and 6.0.