Microsoft Internet Explorer 'Server-side Page Reference Redirect' Vulnerability Patch
Version: 1
Microsoft has released a patch that eliminates a vulnerability in Microsoft Internet Explorer 4.01, 5 and 5.01 that could allow a malicious web site operator to view a file on the computer of a visiting user, provided that the web site operator knew the name and folder of the file.

When a web server performs a server-side redirect, the IE security model checks the server's permissions on the new page. However, under favorable timing conditions, a web server could create a reference to a client window that the server is permitted to view, then use a server-side redirect to a client-local file, and so bypass the security restrictions. As a result, a malicious web site operator could view files on the computer of a visiting user. The web site operator would need to know (or guess) the name and location of the file.