• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer Cascading Style Sheet File Disclosure Vulnerability

Solution:
Microsoft has released patches. However, it has been reported that these patches do not address the issue completely and it is still possible to exploit this vulnerability under some circumstances.

Microsoft Internet Explorer 6 Service Pack 1 is reported to eliminate the possibility that a redirect may be used to exploit this issue.

Please note that the appropriate service pack must be installed in order to apply the patch:


Microsoft Internet Explorer 5.5 SP1

• Microsoft q321232
  http://download.microsoft.com/download/ie55sp1/secpac27/5.5_sp1/W98NT4 2KMe/EN-US/q321232.exe

Microsoft Internet Explorer 5.5 SP2

• Microsoft q321232
  http://download.microsoft.com/download/ie55sp2/secpac27/5.5_sp2/W98NT4 2KMe/EN-US/q321232.exe

Microsoft Internet Explorer 6.0

• Microsoft ie6sp1
  http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default. asp

Microsoft Internet Explorer 5.0.1 SP2

• Microsoft q321232
  Windows NT and Windows 2000
  http://download.microsoft.com/download/ie501sp2/secpac27/5.01_sp2/NT45 /EN-US/q321232.exe