Reported November 9, 2001, by Microsoft.
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.5
A vulnerability exists in Microsoft Internet Explorer (IE) that can result in information disclosure using locally stored cookies on the vulnerable system. The vulnerability stems from a problem in IE that lets a specially crafted URL read and modify this information.
The vendor, Microsoft, has released Security Bulletin MS01-055 to address this vulnerability and recommends that affected users apply the patch that Microsoft will provide at the URL when the patch becomes available. As a workaround, users can disable active scripting in IE's Internet and Intranet security zones. This vulnerability doesn't affect users who have applied the Outlook E-Mail Security Update or who have set Outlook Express to use the Restricted Sites zone.
Discovered by Microsoft.