Microsoft plugs new Internet Explorer security leak

Stops sneaky Webmasters snooping your hard disk

Microsoft has released a patch for Internet Explorer 4 which is designed to seal a security breach that could allow unscrupulous Web site hosts and hackers to read files on a user's hard drive. The so-called Cross-frame Navigate bug effectively allows developers to code pages that will display files on the user's computer. The developer must, however, know the name of the files he or she is seeking. The bug was originally detected by Bulgarian user Georgi Guninski. All versions of Internet Explorer 3 and 4 are vulnerable to the bug, including Windows 95/98/NT and Macintosh platform. However, the patch is only available for IE 4 -- users of version 3 will need to upgrade. Microsoft said the bug also affects software that interprets HTML code through the IE engine, such as AOL. The patches are available from Microsoft's IE Web site. ®

Sponsored: 10 ways wire data helps conquer IT complexity