Reported February 5, 2003, by Microsoft.
· Microsoft Internet Explorer (IE) 6.0, 5.5, and 5.01
Two new vulnerabilities in Microsoft Internet Explorer (IE) can result in information disclosure or the execution of arbitrary code on the vulnerable system. These vulnerabilities stem from a flaw in IE's showHelp function that results in incomplete security checking, permitting a Web site access to information in another domain. An attacker can misuse certain dialog boxes to run malicious scripts and obtain that data.
Microsoft has released Security Bulletin MS03-004, "Cumulative Patch for Internet Explorer (810847)," to address these vulnerabilities and recommends that affected users apply the appropriate patch mentioned in the bulletin. This patch addresses all previously discovered IE vulnerabilities.
Discovered by Andreas Sandblad.