Suggest A Fix PC Support Forums > MS Alert: Win98 IE vunerability

Full Version: MS Alert: Win98 IE vunerability

Suggest A Fix PC Support Forums > Security > Security News and Warnings

Interceptor

Aug 18 2002, 08:05 PM

IE version 5.x, 6.0

A remote user can cause IE to inject arbitrary HTML into the "My Computer" zone on Windows 98 systems by exploiting the "Web Folder" component of IE. Code can be made to traverse the web folder. If the web folder does not exists, IE will reportedly place an error message in the temporary folder. So, code can be written to probe for or test vulnerable systems. This can cause HTML code, including ActiveX scripting, to be executed in the Local Computer zone.

No solution was available from Microsoft at this time.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.