IE GetObject() problems
Systems affected:
Patched IE 6.0, somewhat patched 5.5 Win2K
IE allows reading local files due to a bug in GetObject().
Reading local files may lead to executing arbitrary programs.
Workaround/Solution:
Disable Active Scripting and never turn it on.
Better, do not use IE in hostile environments such as the internet.
Vendor status:
Microsoft was notified on 11 December 2001.
They had 3 weeks to produce a patch but didn't.
follow up:
Guninski.com
Vivienne
Systems affected:
Patched IE 6.0, somewhat patched 5.5 Win2K
IE allows reading local files due to a bug in GetObject().
Reading local files may lead to executing arbitrary programs.
Workaround/Solution:
Disable Active Scripting and never turn it on.
Better, do not use IE in hostile environments such as the internet.
Vendor status:
Microsoft was notified on 11 December 2001.
They had 3 weeks to produce a patch but didn't.
follow up:
Guninski.com
Vivienne
