Microsoft IE External Caching Security Failure Arbitrary File Access

2002-11-25T23:46:06
ID OSVDB:15224
Type osvdb
Reporter Thor Larholm(thor@pivx.com)
Modified 2002-11-25T23:46:06

Description

Vulnerability Description

Internet Explorer contains a flaw that may allow a malicious user to access arbitrary files. The issue is due to incomplete security checks on IE external caching, which allows remote attackers to access files on a user's system, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Internet Explorer contains a flaw that may allow a malicious user to access arbitrary files. The issue is due to incomplete security checks on IE external caching, which allows remote attackers to access files on a user's system, resulting in a loss of confidentiality.

References:

Vendor Specific Solution URL: http://www.microsoft.com/windows/ie/downloads/critical/q324929/default.mspx Microsoft Security Bulletin: MS02-068 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=103910416824172&w=2 ISS X-Force ID: 10809 CVE-2002-1262 CIAC Advisory: n-021