A new IE 5.0 glitch threatens to let Web site operators read files on visiting users’ PCs.
Microsoft issued a security alert stating that the problem means Web site operators can read files without authorization, but only if they already know the name of the file and the folder in which it resides. The security hole does not permit malicious operators to list the contents of folders. Nor can they create, modify or delete files.
The company says its developing a patch to eliminate the vulnerability.
Until the patch is ready, Microsoft recommends that users add Web sites they trust to the “Trusted Zone” in IE 5.0, while disabling Active Scripting in the “Internet Zone” settings. Microsoft’s alert is online at www.microsoft.com.
The story can be found at www.zdnn.com.