VULHUB ™

Reportedly Microsoft Internet Explorer is affected by a vulnerability that could expose sensitive information from client computers. This issue is due to an access validation error that allows a malicious Web page to access XML documents on a client computer. An attacker may leverage this issue to read XML documents on an unsuspecting user's computer when they open a malicious HTML document. The reading of such files will take place with the privileges of the user running the vulnerable Web browser. **UPDATE: This appears to be the same issue as BID 5560, discovered by GreyMagic Software and patched in MS02-047. It appears that the vulnerability is present in patched systems when the <script> tag is in a static HTML document. Exploitation of this vulnerability using dynamic insertion (e.g. document.write) of the <script> tag into a document is blocked.

Reportedly Microsoft Internet Explorer is affected by a vulnerability that could expose sensitive information from client computers. This issue is due to an access validation error that allows a malicious Web page to access XML documents on a client computer. An attacker may leverage this issue to read XML documents on an unsuspecting user's computer when they open a malicious HTML document. The reading of such files will take place with the privileges of the user running the vulnerable Web browser. **UPDATE: This appears to be the same issue as BID 5560, discovered by GreyMagic Software and patched in MS02-047. It appears that the vulnerability is present in patched systems when the <script> tag is in a static HTML document. Exploitation of this vulnerability using dynamic insertion (e.g. document.write) of the <script> tag into a document is blocked.