Script Injection Vulnerability in Microsoft Internet Explorer

 Reported November 9, 2001, by Microsoft.

VERSIONS AFFECTED

 

  • Microsoft Internet Explorer 6.0

  • Microsoft Internet Explorer 5.5

 

DESCRIPTION
A vulnerability exists in Microsoft Internet Explorer (IE) that can result in information disclosure using locally stored cookies on the vulnerable system. The vulnerability stems from a problem in IE that lets a specially crafted URL read and modify this information.

 

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS01-055 to address this vulnerability and recommends that affected users apply the patch that Microsoft will provide at the URL when the patch becomes available. As a workaround, users can disable active scripting in IE's Internet and Intranet security zones. This vulnerability doesn't affect users who have applied the Outlook E-Mail Security Update or who have set Outlook Express to use the Restricted Sites zone.

 

CREDIT
Discovered by Microsoft.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish