Reported August 9, 2000 by Juan Carlos Garcia Cuartango
- Microsoft Internet Explorer 4.x
- Microsoft Internet Explorer 5.x
T he ActiveX rendering control that invokes scripts is vulnerable to attack by a malicious script designed to inject code into a known IE system. Once injected, the rendering control could be used to activate the code under the security context of the Local Computer Zone where it could then gain access to local files.
A particular function within IE does not properly protect against the interaction of two browser frames when those frames are in different domains, including the user's local file system. The lack of protection allows for one frame to pass inform to another where the data passed could be read from the user's local file system and subsequently transmitted offsite.
Microsoft's bulletin states,
"Note: In addition to eliminating the two vulnerabilities discussed above, this
patch also protects against several previously-discussed vulnerabilities. Customers who
apply this patch will also be protected against the vulnerabilities discussed in the
following Security Bulletins:
- Microsoft Security Bulletin MS00-033
- Microsoft Security Bulletin MS00-039
- Microsoft Security Bulletin MS00-049
In addition, for IE 5.5 systems only, this patch also eliminates the vulnerability discussed in Microsoft Security Bulletin MS00-042.
Note: Customers who install this patch on versions other than IE 5.01, IE 5.01 SP1, or IE 5.5 may receive a message reading "This update does not need to be installed on this system". This message is incorrect. More information is available in KB article Q266336.
In addition, the bulletin lists the following references for addition information:
- Frequently Asked Questions: Microsoft Security Bulletin MS00-055,
- Microsoft Knowledge Base article Q266336 discusses this issue and will be available soon.
- Microsoft Security Bulletin MS00-033, Patch Available for "Frame Domain
Verification", "Unauthorized Cookie Access", and "Malformed Component
- Microsoft Security Bulletin MS00-039, Patch Available for "SSL Certificate
- Microsoft Security Bulletin MS00-042, Patch Available for "Active Setup
- Microsoft Security Bulletin MS00-049, Patches Available for "Office HTML" and
"IE Script" Security Vulnerabilities,
Discovered by Juan Carlos Garcia Cuartango