Another security hole has been discovered in Microsoft Internet Explorer 5.0, potentially leaving computers open to attack by malicious Web site operators.
The bug involves IE 5’s “download behavior,” a feature that allows a Web page to download files for use in client-side scripting.
The feature is intended to prevent client-side code from exposing files on the user’s machine, but a server-side redirect can be used to bypass this restriction. The flaw could enable a malicious Web site operator to read an unsuspecting user’s local files, according to Microsoft.
The company said it is working on a patch for the problem.
A detailed story appears at www.news.com.