A vulnerability in Microsoft Internet Explorer (IE) allows remote attackers to read arbitrary files on a vulnerable system.
A vulnerability in the showHelp Method contained within IE may allow a remote attacker to read arbitrary files. For further details, please see the following documents:Microsoft Security Bulletin MS03-004:
A remote attacker may be able to read arbitrary files on a vulnerable system, which may allow them to gain access to sensitive information such as user credentials. In the worst case, a remote attacker may be able to execute programs with certain parameters leading to a total system compromise if IE is running as administrator.
Apply a patch. More information about patches can be found in MS03-004.
This vulnerability was discovered by Andreas Sandblad. The CERT/CC thanks Andreas for helping us to understand this vulnerability.
This document was written by Ian A Finlay.
|Date First Published:||2003-02-06|
|Date Last Updated:||2003-02-13 19:31 UTC|