Microsoft IE 5.0 bodges patched

Security vulnerabilities highlighted in Microsoft Internet Explorer 5.0 have now been addressed by the company's online security bulletin service.

The two security holes in IE 5.0 are a further annoyance to Microsoft, which is still patching up unforeseen blunders in version 4 of its ubiquitous browser. This month alone has seen numerous patches posted to prevent possible malicious attacks on users of the earlier version of the software.

The first IE 5.0 problem is connected to an in-built feature called "download behaviour" which allows Web page authors to download files for use in client-side script. Microsoft explains that by design, a Web site should only be able to download files that reside in its own domain. This, it says, prevents client-side code from exposing a user's files to the Web site. However, it now admits that a server-side redirect could be used to bypass this restriction, enabling users' files to be read.

Microsoft says that patch will be delivered shortly, but that in the meantime, users can prevent malicious attacks by disabling Active Scripting.

The second alert features a fix for a problem first highlighted earlier this month that also affects IE 4.01 users. IE 5 incorporates a feature that allows users to export a list of favourite sites to a file, or to import a file of favourite sites. The feature is called ImportExportFavorites, and in theory should only allow particular types of files to be written and to only specific areas of a local drive. However, Microsoft now say that it is possible for a Web-site to invoke this feature, bypass restrictions and write files that could be used to execute system commands. (Quite scary.)

Thankfully several patches are now available for both versions of IE, and both x86 and Alpha processors.

You can get a patch here for 4.01/Intel, here for 4.01/Alpha, here for IE5/Intel, and here for IE5/Alpha.