December 23, 1999 1:35 PM PST

IE suffers security hole

Microsoft today confirmed that its Internet Explorer browser is vulnerable to a security hole that could expose users' files to prying eyes.

The vulnerability involves JavaScript, a versatile Web scripting language for executing actions on a Web page without user input. JavaScript is widely used on the Web and has proved a boon for bug hunters, who have turned up dozens of ways to use it to circumvent browsers' security checks.

The IE search command NavigateAndFind directs the browser to find a Web page and highlight a specified portion of text there. Normally, IE will perform a security check to make sure the command does not specify a file on the Web surfer's computer.

But if NavigateAndFind is directed toward a JavaScript URL within a frame (a smaller window within a Web page), that security check fails to kick in, and code within the JavaScript URL can be executed to spy on any file on the user's computer that could be opened in a browser window. These include .doc, .html and .jpeg files.

Microsoft said that while the files could be examined by an attacker, they could not be changed or deleted.

The bug's discoverer, Bulgarian security enthusiast and JavaScript bug hunting champion Georgi Guninski, recommended that users disable Active Scripting in IE. He posted a demonstration of the exploit, which he warned could be executed by sending an HTML message.

 
