published Feb 11, 2004
updated Feb 11, 2004
Vulnerable
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 5.5 SP1
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
A vulnerability was reported in Microsoft Internet Explorer that could permit a remote site to gain access to contents of the client user's clipboard.
This vulnerability is a variant of similar issues which could permit scripting operations to gain access to clipboard contents, such as that described in BIDs 215 and 3862. This issue employs the execCommand("Paste") method to copy clipboard contents into small (or hidden) textarea. In this manner, security checks performed by the browser are bypassed and the clipboard contents will be copied.
The impact of exploitation depends entirely on what sort of information is stored in the user's clipboard at the time of exploitation, though it is common for user's to copy various credentials into their clipboard.
Workaround:
This issue can be effectively mitigated by disabling the "Allow paste options via scripting" setting in Internet Explorer.
An additional precaution would be for web users to avoid copying sensitive information into their clipboards.
http://www.securityfocus.com/bid/9643/solution/

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic