COMMAND

    "Server-side Page Reference Redirect" Vulnerability

SYSTEMS AFFECTED

    IE 4.01, 5.0, 5.01

PROBLEM

    The following is based on the Microsoft Security Bulletin. When a
    web server performs a server-side redirect, the IE security model
    checks the server's permissions on the new page. However, under
    favorable timing conditions, it is possible for a web server to
    create a reference to a client window that the server is permitted
    to view, then use a server-side redirect to a client-local file,
    and bypass the security restrictions. The result is that it could
    be possible for a malicious web site operator to view files on the
    computer of a visiting user. The web site operator would need to
    know (or guess) the name and location of the file.

SOLUTION

    Patch availability:

        http://www.microsoft.com/windows/ie/security/servredir.asp

    This patch also includes the previously-released patch for the
    "ImportExportFavorites" vulnerability. Microsoft produces security
    patches for Internet Explorer 4.01 SP2 and higher. In the event
    that this package is applied to Internet Explorer 4.01 SP1, the
    package states that a fix is not needed. This message is
    incorrect, as the vulnerability does exist on Internet Explorer
    4.01 SP1 or any earlier release. If you are using Internet
    Explorer 4.01 SP1 or any earlier release, please upgrade to the
    latest version of Internet Explorer to resolve this issue.