COMMAND

    MS Internet Explorer

SYSTEMS AFFECTED

    IE 5.0

PROBLEM

    Georgi  Guninski  found  following.   There  is  a security bug in
    Internet  Explorer  5.0,  which  allows  reading and sending local
    files to a remote server.  The problem is a bug in the DHTML  edit
    control, which allows pasting a  filename in a FILE object.   When
    the form  is submitted  via JavaScript,  the contents  of the file
    are sent to a remote server.  Demonstration is available at:

        http://www.nat.bg/~joro/fr.html

SOLUTION

    If you look under scripting options in security settings there  is
    the  option  "Allow  paste  via  script"  simply  turning  this to
    disabled provides  safe work  and failure  of exploit.   This is a
    well known  vulnerability in  the microsoft  product cited  below.
    This vulnerability was  thought of having  being taken care  of in
    Microsoft Internet Exploder  4.01 version, but  apparently hasn't.
    Also, there is another workaround.  In IE5, if you use the  "built
    in" feature to  limit scripted paste  operations then the  problem
    doesn't seem to manifest.   Try the following and goto  the sample
    implementation:

        Tools menu --> Internet options --> security tab --> custom
        level --> allow paste operations via script = prompt or disable

    Microsoft highly recommends that customers evaluate the degree  of
    risk that this vulnerability poses to their systems and  determine
    whether  to  download  and  install  the  patch.  The patch can be
    found at

        http://www.microsoft.com/windows/ie/security/mshtml.asp