Microsoft Internet Explorer XML Object Zone Restriction Bypass Vulnerability

Microsoft has announced that a vulnerability exists in Internet Explorer when handling malicious XML objects. The problem is said to occur due to Internet Explorer failing to validate a supplied path when binding local data to the XML document. As a result, a malicious HTML containing an embedded XML objects may be capable of exposing the contents of the local filesystem, despite the object being within the Internet or Intranet zone.


Privacy Statement
Copyright 2010, SecurityFocus