JavaScript Redirect Vulnerability in Internet Explorer (244233)



The information in this article applies to:

  • Microsoft Internet Explorer 5.0 for Windows NT 4.0
  • Microsoft Internet Explorer 4.01 for Windows NT 4.0 SP 1
  • Microsoft Internet Explorer 4.01 for Windows NT 4.0 SP 2
  • Microsoft Internet Explorer 5.0 for Windows 98
  • Microsoft Internet Explorer 4.01 for Windows 98 SP 2
  • Microsoft Internet Explorer 5.0 for Windows 95
  • Microsoft Internet Explorer 4.01 for Windows 95 SP 1
  • Microsoft Internet Explorer 4.01 for Windows 95 SP 2

This article was previously published under Q244233

SYMPTOMS

Under certain circumstances, a malicious Web site operator could use a JavaScript redirect command to read files on a computer if the browser is redirected to a malicious Web site. Files can be read only if the malicious operator knows both the name of the file and the name of the folder in which the file is located. This vulnerability does not allow the malicious operator to list the contents of folders; to create, modify, or delete files; or to gain administrative control of the computer.

RESOLUTION

For information about obtaining an update that corrects this issue, please see the following article in the Microsoft Knowledge Base:

244357 Update for 'Javascript Redirect' in Internet Explorer 5

WORKAROUND

To temporarily work around this issue, add trusted sites to the Trusted Sites zone and disable Active Scripting in the Internet zone.

Adding Sites to the Trusted Sites Zone

You can add Web sites that you explicitly trust not to take malicious action on your computer to the Trusted Sites zone. To add Web sites to the Trusted Sites zone:
  1. Click Start, point to Settings, click Control Panel, and then double-click Internet Options.

    If you are using Internet Explorer 4.x, double-click Internet in Control Panel.
  2. Click the Security tab, click Trusted Sites, click Sites, and then type the name of a Web site that you know can be trusted. For example, type: https://www.microsoft.com. Repeat this step for each Web site you want to add.

    NOTE: When you add sites to the Local Intranet or Trusted Sites zone, you can require that server verification be used by clicking to select the Require server verification (https:) for all sites in this zone check box.
  3. Click OK.
  4. Click OK.

For additional information about the security zones, click the article number below to view the article in the Microsoft Knowledge Base:

174360 How to Use Security Zones in Internet Explorer

Disable Active Scripting

To disable Active Scripting:
  1. Click Start, point to Settings, click Control Panel, and then double-click Internet Options.

    If you are using Internet Explorer 4.x, double-click Internet in Control Panel.
  2. Click the Security tab.
  3. Click the Internet zone, and then click Custom Level.

    If you are using Internet Explorer 4.x, click Internet Zone.
  4. In the Settings box, locate the Scripting section, and then click Disable under Active Scripting.
  5. Click OK.
  6. Click OK.

Modification Type: Major
Last Reviewed: 12/5/2003
Keywords:kbenv kbprb KB244233