|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Microsoft addresses IE security hole
(IDG) -- Microsoft confirmed the existence of a security problem with Internet Explorer on Tuesday and said it will patch the hole as soon as possible, according to a company representative. The security breach, which works around existing security features in the browser, enables a hacker to develop a script to retrieve a file from a user's desktop system, provided the path and filename are known. In the same manner, a script can also execute a "paste" command to retrieve the user's current clipboard contents. The security problem was found by Juan Carlos Garcia Cuartango, a Spanish Web developer, who posted information about the bug as well as a test to see it in action, on his Web site.
Microsoft pointed out that users would not encounter this problem while browsing popular Web sites. "A skilled hacker has to purposefully create malicious script on their site in order for a customer to be affected by this," the representative said. Microsoft pointed out that no customers have been affected by this bug, and said concerned users can protect themselves by disabling Active Scripting in the Internet Zone of Explorer's Security Zones feature. The actual feature this bug attacks is the capability for a user to enter the filename of a file they are uploading through a Web browser. Microsoft put in measures to prevent any scripts from modifying the filename but did not prevent scripts from using the "copy" and "paste" commands to get the contents of a file on the user's system, according to Cuartango.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Back to the top © 2000 Cable News Network. All Rights Reserved. Terms under which this service is provided to you. Read our privacy guidelines. |