Microsoft Corp. on Wednesday released a cumulative patch that fixes six new vulnerabilities in Internet Explorer.
Two of the flaws could enable an attacker to read files on a users machine, although there are several mitigating factors that make such an attack quite difficult.
Microsoft, of Redmond, Wash., has rated the new vulnerabilities as critical. The new patch also contains fixes for all previously discovered flaws in IE 5.01, 5.5 and 6.0.
The first of the two so-called information disclosure vulnerabilities lies in the way that an HTML object supports Cascading Style Sheets. An attacker could create a Web page or HTML mail message to exploit the vulnerability, but he would need to know the exact name and location of the file he wanted to read on the users machine. Further, the file must contain one particular ASCII character and the attacker could not add or delete any information in the file, according to Microsofts advisory.
The second such flaw allows an attacker to build a cookie that would enable him to read the information contained in other sites cookies stored on a users machine. But, again, the attacker would need to know the exact name of the cookie he wanted to read.
There is also a cross-site scripting flaw in one of the local HTML files that ship with IE. A successful exploit of the vulnerability would give an attacker the ability to execute scripts on the users machine in the Local Computer zone, which has fewer restrictions than scripts executed in other IE zones.
A similar flaw could allow attackers to run pages on users machines in the Intranet zone.
The final two vulnerabilities are variants of the content disposition problem in IE for which Microsoft issued a patch last year. They enable an attacker to construct special headers in executable files that trick IE into believing that the file is safe to download and run automatically.
The two new flaws require that the users machine be running an application that passes the malformed content back to the operating system instead of generating an error message.
- Microsoft, AOL IM Flaws Uncovered
- MS Charney Must Make Security Job One