Internet Explorer Can Divulge Location of Cached Content

Reported March 6, 2001, by Microsoft.

VERSIONS AFFECTED

  • Microsoft Internet Explorer 5.01

  • Microsoft Internet Explorer 5.5

  • Microsoft Windows Scripting Host 5.01

  • Microsoft Windows Scripting Host 5.5

DESCRIPTION

Internet Explorer (IE) provides a caching mechanism to store content that a user downloads and processes on the user's local machine. The caching mechanism also obscures the physical location of the cached content, so that a Web page or HTML email must work through IE's security architecture to access this information. This ensures that the system can properly restrict information usage.

A vulnerability exists that lets a Web page or HTML email reveal the physical location of this cached content. By using this information, an attacker can cause the cached content to open in the Local Computer Zone of IE and launch compiled HTML Help (.chm) files containing shortcuts to executables. The attacker can then run those executables.

VENDOR RESPONSE

Microsoft has issued security bulletin MS01-015 to address this vulnerability.

CREDIT

Discovered by Microsoft.

TAGS: Security