CNET News.com: Microsoft combats another IE 5 bug ['download behavior']Sep 30, 1999, 16:56 (9 Talkback[s])
(Other stories by Erich Luening)
"The latest security issue involves an IE 5 feature called 'download behavior' that allows a Web page to download files for use in client-side scripting."
"As a result of the problem, text files from the user's disk, or local Web server, may be read and then sent to an arbitrary server on the Internet, allowing the user's files to be 'stolen,' according to Bulgarian programmer Georgi Guninski..."
" 'This vulnerability would chiefly affect workstations that are connected to the Internet,' Microsoft said in a security alert released yesterday. The company said it is working on a patch for the problem. 'As an immediate measure, customers can prevent the download behavior function from operating by disabling ActiveScripting,' according to the security bulletin."