Security Update, February 14, 2002 (Internet Explorer 6)
This update resolves the &Incorrect VBScript Handling in Internet Explorer can Allow Web Pages to Read Local Files& security vulnerability in Internet Explorer 6 and Windows XP or Windows 2000, and is discussed in Microsoft Security Bulletin MS02-009. Download now to prevent a malicious user from using an unauthorized Web site to read the contents of files on your local computer.
This vulnerability exists because VBScript that is created dynamically in Internet Explorer can result in the script being assigned invalid permissions, which gives the script the ability to read your local files, if the path to the file is known. This update prevents a malicious user from running VBScript in an unauthorized Web site to read the contents of files on your computer.
For more information, read Microsoft Security Bulletin MS02-009. (This site is in English.)
This update applies to Internet Explorer 6 running with:
Note This update can also apply to a previous version of Internet Explorer running Windows Script Host 5.6. For more information about how to determine which version of Windows Script Host you are running, read Microsoft Security Bulletin MS02-009. (This site is in English.)