Security 10817 Published by

The IE security architecture provides a caching mechanism that is
used to store content that needs to be downloaded and processed on the user´s local machine. The purpose of the cache is to obfuscate the physical location of the cached content, in order to ensure that the web page or HTML e-mail will work through the IE security
architecture to access the information. This ensures that the uses of the information can be properly restricted.

A vulnerability exists because it is possible for a web page or HTML e- mail to learn the physical location of cached content. Armed with
this information, an attacker could cause the cached content to be opened in the Local Computer Zone. This would enable him to launch compiled HTML help (.CHM) files that contain shortcuts to executables, thereby enabling him to run the executables.

Read more