---

CNET News.com: Microsoft combats another IE 5 bug [‘download behavior’]

“The latest security issue involves an IE 5 feature called
‘download behavior’ that allows a Web page to download files for
use in client-side scripting.”

“As a result of the problem, text files from the user’s disk, or
local Web server, may be read and then sent to an arbitrary server
on the Internet, allowing the user’s files to be ‘stolen,’
according to Bulgarian programmer Georgi Guninski…”

” ‘This vulnerability would chiefly affect workstations that
are connected to the Internet,’ Microsoft said
in a security
alert released yesterday. The company said it is working on a patch
for the problem. ‘As an immediate measure, customers can prevent
the download behavior function from operating by disabling
ActiveScripting,’ according to the security bulletin.”


Complete Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis