ad info

CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
Computing

Microsoft addresses IE security hole

October 15, 1998
Web posted at 11:50 AM EDT

by Jeff Walsh

From...

(IDG) -- Microsoft confirmed the existence of a security problem with Internet Explorer on Tuesday and said it will patch the hole as soon as possible, according to a company representative.

The security breach, which works around existing security features in the browser, enables a hacker to develop a script to retrieve a file from a user's desktop system, provided the path and filename are known. In the same manner, a script can also execute a "paste" command to retrieve the user's current clipboard contents.

The security problem was found by Juan Carlos Garcia Cuartango, a Spanish Web developer, who posted information about the bug as well as a test to see it in action, on his Web site.

MORE COMPUTING INTELLIGENCE
  IDG.net home page
  InfoWorld home page
  InfoWorld forums home page
  InfoWorld Internet commerce section
  Get Media Grok and The Industry Standard Intelligencer delivered for free
 Reviews & in-depth info at IDG.net
  IDG.net's personal news page
  Subscribe to IDG.net's free daily newsletter for IT leaders
  Questions about computers? Let IDG.net's editors help you
  Search IDG.net in 12 languages
 News Radio
  Fusion audio primers
  Computerworld Minute
     

Microsoft pointed out that users would not encounter this problem while browsing popular Web sites.

"A skilled hacker has to purposefully create malicious script on their site in order for a customer to be affected by this," the representative said.

Microsoft pointed out that no customers have been affected by this bug, and said concerned users can protect themselves by disabling Active Scripting in the Internet Zone of Explorer's Security Zones feature.

The actual feature this bug attacks is the capability for a user to enter the filename of a file they are uploading through a Web browser. Microsoft put in measures to prevent any scripts from modifying the filename but did not prevent scripts from using the "copy" and "paste" commands to get the contents of a file on the user's system, according to Cuartango.

Related stories:
Latest Headlines

Today on CNN

Related IDG.net stories:

Note: Pages will open in a new browser window Related sites:

External sites are not
endorsed by CNN Interactive.

SEARCH CNN.com
Enter keyword(s)   go    help

   
 

Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.