Reported March 28, 2002, by Microsoft.
Microsoft Internet Explorer 6.0, Internet Explorer 5.5, and Internet Explorer 5.01
Two vulnerabilities exist in Internet Explorer (IE), one of which can lead to script execution in the Local Computer Zone. The first vulnerability involves a flaw in the way IE handles object tags that lets an attacker invoke an executable already present on the vulnerable system. The second vulnerability targets IE's zone determination function. By embedding an HTML script within a cookie, an attacker can execute script on the vulnerable computer.
The vendor, Microsoft, has released security bulletin MS02-015, which addresses these vulnerabilities, and recommends that affected users apply the appropriate patch listed at this URL or at the Windows Update Web site.
Discovered by Andreas Sandblad.