Security 10816 Published by

OnlyNewZ has posted an unofficial patch for Internet Explorer



Temporary solution for the recent discoverd vulnerability (by The United States-Computer Emergency Readiness Team) in all Internet Explorers 5.01 and higher.

If an ITS protocol handler is unable to access the specified MHTML file, the handler will attempt to access the content specified by the alternate location. The ITS protocol handlers incorrectly treat HTML content from one domain (htmlfile.html in example.com) as if it were in a different domain (file://, the Local Machine Zone). This is a violation of the cross-domain security model. Limited testing shows that the ms-its, its, and mk:@MSITStore protocol handlers are vulnerable.
Read more