Noted bug hunter Georgi Guninski reported the vulnerability on the Bugtraq security mailing list. He said the problem affects Internet Explorer 5.5 and Microsoft's Outlook and Outlook Express email clients.
The vulnerability involves ".chm" files, a compressed help file format, Guninski said.
Microsoft could not immediately be reached for comment. In the Bugtraq posting, Guninski said he had notified Microsoft about the security hole Nov. 15.
He added that the vulnerability could be prevented by disabling active scripting, a browser setting that offers more functions but has been repeatedly associated with potential security risks.
Guninski said Microsoft had fixed a similar exploit in the past by requiring ".chm" files to be run only from the local file system. He said the newly discovered vulnerability revives the ".chm" problem by revealing the location of temporary Internet files folders, allowing a remote user to activate the ".chm" file locally.
"Once a temporary Internet files folder name is known, it is possible to cache a '.chm' in any temporary Internet files folder and then use 'window.showHelp()' to execute it," he wrote. "There are other ways to execute programs once a temporary Internet files folder is known and document is cached in it, but 'showHelp()' seems to be the simplest."





