Free microsoft internet explorer 5.01 software for windows

The first vulnerability involves how Internet Explorer handles URLs that include dotless IP addresses. (Note This vulnerability does not affect Internet Explorer 6.) The second vulnerability involves how Internet Explorer handles URLs that specify third-party sites. The third is a new variant of a vulnerability discussed in Microsoft Security Bulletin MS01-015, affecting how Telnet sessions are invoked via Internet Explorer.

For more information about these issues, read Microsoft Security Bulletin MS01-051.

This vulnerability exists because VBScript that is created dynamically in Internet Explorer can result in the script being assigned invalid permissions, which gives the script the ability to read your local files, if the path to the file is known. This update prevents a malicious user from running VBScript in an unauthorized Web site to read the contents of files on your computer.

• A cross-site scripting vulnerability in a Local HTML Resource. IE ships with several files that contain HTML on the local file system to provide functionality. One of these files contains a cross-site scripting vulnerability that could allow a script to execute as if it were run by the user herself, causing it to run in the local computer zone. An attacker could craft a web page with a URL that exploits this vulnerability and then either host that page on a web server or send it as HTML email. When the web page was viewed and the user clicked on the URL link, the attackers script injected into the local resource, the attackers script would run in the Local Computer zone, allowing it to run with fewer restrictions than it would otherwise have.
• An information disclosure vulnerability related to the use of am HTML object provides that support for Cascading Style Sheets that could allow an attacker to read, but not add, delete or change, data on the local system. An attacker could craft a web page that exploits this vulnerability and then either host that page on a web server or send it as HTML email. When the page was viewed, the element would be invoked. Successfully exploiting this vulnerability, however, requires exact knowledge of the location of the intended file to be read on the users system. Further, it requires that the intended file contain a single, parcicular ASCII character.
• An information disclosure vulnerability related to the handling of script within cookies that could allow one site to read the cookies of another. An attacker could build a special cookie containing script and then construct a web page with a hyperlink that would deliver that cookie to the users system and invoke it. He could then send that web page as mail or post it on a server. When the user clicked the hyperlink and the page invoked the script in the cookie, it could potentially read or alter the cookies of another site. Successfully exploiting this, however, would require that the attacker know the exact name of the cookie as stored on the file system to be read successfully.
• A zone spoofing vulnerability that could allow a web page to be incorrectly reckoned to be in the Intranet zone or, in some very rare cases, in the Trusted Sites zone. An attacker could construct a web page that exploits this vulnerability and attempt to entice the user to visit the web page. If the attack were successful, the page would be run with fewer security restrictions than is appropriate.
• Two variants of the "Content Disposition" vulnerability discussed in Microsoft Security Bulletin MS01-058 affecting how IE handles downloads when a downloadable files Content-Disposition and Content-Type headers are intentionally malformed. In such a case, it is possible for IE to believe that a file is a type safe for automatic handling, when in fact it is executable content. An attacker could seek to exploit this vulnerability by constructing a specially malformed web page and posting a malformed executable file. He could then post the web page or mail it to the intended target. These two new variants differ from the original vulnerability in that they for a system to be vulnerable, it must have present an application present that, when it is erroneously passed the malformed content, chooses to hand it back to the operating system rather than immediately raise an error. A successful attack, therefore, would require that the attacker know that the intended victim has one of these applications present on their system.