Multiple Vulnerabilities in Microsoft Internet Explorer - 21 Aug 2003

Reported August 20, 2003, by Microsoft.




  • Microsoft Internet Explorer (IE) 6.0 for Windows Server 2003

  • Microsoft IE 6.0, 5.5, and 5.01




Two new vulnerabilities exist in Microsoft Internet Explorer (IE), the most serious of which can result in the execution of arbitrary code on the vulnerable computer. These two new vulnerabilities are as follows:

  • A vulnerability in IE's cross-domain security model can result in the execution of script in the My Computer zone. The flaw exists because a file from the Internet or intranet containing a maliciously constructed URL can appear in the browser cache running in the My Computer zone.

  • A vulnerability occurs because IE doesn't properly determine an object type that a Web server returns. An attacker can exploit this vulnerability by running arbitrary code on a user's system.




Microsoft has released Security Bulletin MS03-032, "Cumulative Patch for Internet Explorer (822925)," to address these vulnerabilities and recommends that affected users apply the appropriate patch mentioned in the bulletin.



Discovered by Yu-Arai of LAC, eEye Digital Security and Greg Jones from KPMG UK.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.