This is a cumulative patch for Internet Explorer 5.5 and 6.0. In addition to including the functionality of all previously released patches for Internet Explorer 5.5 and 6.0, it also eliminates a newly discovered flaw in Internet Explorer's cross-domain security model. This flaw occurs because the security checks that Internet Explorer carries out when particular object caching techniques are used in web pages are incomplete. This could have the effect of allowing a website in one domain to access information in another, including the user's local system.
Exploiting the vulnerability could enable an attacker to read, but not change, any file on the user's local computer. In addition, the attacker could invoke an executable that was already present on the local system. The attacker would need to know the exact location of the executable, and would not be able to pass parameters to it. Microsoft is not aware of any executable that ships by default as part of Windows and, when run without parameters, could be dangerous.
An attacker could exploit the vulnerability by constructing a web page that uses a cached programming technique, and could then either host it on a web site or send it to a user via email. In the case of the web-based attack vector, the page could be automatically opened when a user visited the site. In the case of the HTML mail-based attack vector, the page could be opened when the recipient opened the mail or viewed it using the Preview pane.
Download: Cumulative Patch For Internet Explorer December 2002
News source: W2S
Spano testified he sent several E-mails to Elcomsoft and its American Internet service providers trying to force them to stop selling the software or to have the company's Web site blocked. He said after Elcomsoft received Adobe's complaint it added a paragraph to its site saying the eBook product should not be used for illegal purposes.
Spano was the fifth in a string of prosecution witnesses testifying in the case. The government's star witness, Dmitry Sklyarov, the 27-year-old programmer who developed Elcomsoft's eBook software, may be called as early as Thursday. Last year Sklyarov spent four months in jail before the government agreed to drop charges against him in exchange for his testimony.
Adobe apparently withdrew its support of the prosecution after Internet policy groups threatened to organize a boycott of the company's products. Civil libertarians say the digital copyright act stifles computer research and gives publishers, record companies, and movie studios too tight a grip on online content.
