The Internet Explorer bug, which Microsoft covered in an advisory released yesterday, can be exploited by a maliciously-crafted website.
"An attacker with knowledge of the precise location of a file on a remote hard drive could redirect the contents of the locally stored file and force the local content to be rendered as an HTML document, making it visible remotely", Microsoft said. Because any files that the user themselves have access to could be harvested if the filename and path is known, it is possible for attackers to harvest the index.dat file, Microsoft added. "This would allow them to view the cookies files on the system, and possibly other cached content."
The vulnerability is exploitable on versions of Internet Explorer that are not running in protected mode. This mode stops the browser from accessing user files or system settings without explicit user consent.
However, protected mode was only introduced as a default option on Windows Vista and Windows 7, with Internet Explorer version 7 and higher. This makes many other versions vulnerable. Microsoft singles out Internet Explorer 5.01 and Internet Explorer 6 on Windows 2000 Service Pack 4, and Internet Explorer 6, 7, and 8 on Windows XP and Windows Server 2003 Service Pack 2.
This will do nothing to help the reputation of Internet Explorer 6, which is not now supported by Google. The operating system shipped with Windows XP, which explains its considerable popularity in the last few years. The operating system still has two-thirds of the personal computer market.
While not allowing for the execution of arbitrary code, this flaw could be used to harvest personal information that could help to mount an identity theft attack.