Microsoft plugs new Internet Explorer security leak
Stops sneaky Webmasters snooping your hard disk
Microsoft has released a patch for Internet Explorer 4 which is designed to seal a security breach that could allow unscrupulous Web site hosts and hackers to read files on a user's hard drive. The so-called Cross-frame Navigate bug effectively allows developers to code pages that will display files on the user's computer. The developer must, however, know the name of the files he or she is seeking. The bug was originally detected by Bulgarian user Georgi Guninski. All versions of Internet Explorer 3 and 4 are vulnerable to the bug, including Windows 95/98/NT and Macintosh platform. However, the patch is only available for IE 4 -- users of version 3 will need to upgrade. Microsoft said the bug also affects software that interprets HTML code through the IE engine, such as AOL. The patches are available from Microsoft's IE Web site. ®
Sponsored: RAID: End of an era?