Exploit exposes Internet Explorer's file cache

Georgi Guninski has uncovered yet another security hole in Internet Explorer Versions 5 and above. This latest vulnerability takes advantage of the HTML object and object type elements, allowing the malicious author of a Web page or HTML e-mail to embed a few lines of JavaScript that would reveal the name of IE's temporary Internet file folders.

Georgi Guninski has uncovered yet another security hole in Internet Explorer Versions 5 and above. This latest vulnerability takes advantage of the HTML object and object type elements, allowing the malicious author of a Web page or HTML e-mail to embed a few lines of JavaScript that would reveal the name of IE's temporary Internet file folders. With help from KeyLabs, BugNet was able to reproduce this vulnerability as well as identify a couple of workarounds. Full story (on ZDNet's Help & How-To channel). -- Eugene Woodbury, BugNet