Reported February 5, 2003, by Microsoft.

VERSIONS AFFECTED

· Microsoft Internet Explorer (IE) 6.0, 5.5, and 5.01

DESCRIPTION

Two new vulnerabilities in Microsoft Internet Explorer (IE) can result in information disclosure or the execution of arbitrary code on the vulnerable system. These vulnerabilities stem from a flaw in IE's showHelp function that results in incomplete security checking, permitting a Web site access to information in another domain. An attacker can misuse certain dialog boxes to run malicious scripts and obtain that data.

VENDOR RESPONSE

Microsoft has released Security Bulletin MS03-004, "Cumulative Patch for Internet Explorer (810847)," to address these vulnerabilities and recommends that affected users apply the appropriate patch mentioned in the bulletin. This patch addresses all previously discovered IE vulnerabilities.

CREDIT

Discovered by Andreas Sandblad.