May 17 — Microsoft issued a new cumulative patch for Internet Explorer on Wednesday that addresses six vulnerabilities in its Web browser.

The patch should be downloaded by anyone using IE 5.1, 5.5, or the latest version, IE 6.0.
The six vulnerabilities are:

A cross-site scripting vulnerability on a local HTML page. If a hacker creates a page to simulate a local environment (on the user's hard drive), script can run with fewer security restrictions.

From a website, a hacker can read, but not edit, some data if the hacker knows exactly where it is located on a victim's hard drive.

Cookie information-sharing that could allow one site to read the cookies of another.

A zone-spoofing vulnerability that could allow a webpage to pretend to be a trusted website.

Two variants of the "Content Disposition" vulnerability in which IE thinks a file is safe for automatic download when in fact it is executable content.

A vulnerability that allows restricted zones to appear in frames that are approved. This effectively disables frames in HTML email by default and prevents an HTML email from automatically opening a new window or launching the download of an executable.

To get the cumulative patch, users should go to:
http://www.microsoft.com/windows/ie/...2/default.asp.

The Source


System_0verload