The latest security issue involves an IE 5 feature called "download behavior" that allows a Web page to download files for use in client-side scripting.
By design, a Web site should be able to download only files that reside in its own domain, which prevents client-side code from exposing files on the user's machine. The problem is that a server-side redirect can be used to bypass this restriction, enabling a malicious Web site operator to read an unsuspecting user's local files, according to Microsoft.
As a result of the problem, text files from the user's disk, or local Web server, may be read and then sent to an arbitrary server on the Internet, allowing the user's files to be "stolen," according to Bulgarian programmer Georgi Guninski, who has been credited with discovering numerous security holes in Microsoft and America Online's Web browsers.
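The domain restriction and the redirect bypass described above can be modeled in a few lines. This is an added example, not code from Microsoft or from the article; it is a simplified model rather than IE's actual logic, and the function names and URLs are constructed for illustration. It compares a check applied only to the requested URL with one applied to every redirect hop.

```javascript
// Added illustration: a simplified model of a same-domain download policy.
// Not Internet Explorer code; all URLs below are constructed samples.

// Scheme + host identify where a resource lives (file: URLs have an empty host).
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// Resolve each Location value against the previous hop, as a client would,
// so relative redirects are compared by their absolute target.
function resolveChain(requestedUrl, redirects) {
  const chain = [new URL(requestedUrl).href];
  for (const location of redirects) {
    chain.push(new URL(location, chain[chain.length - 1]).href);
  }
  return chain;
}

// Flawed policy: the domain check runs once, on the URL the script asked for.
function checkRequestedOnly(pageUrl, requestedUrl, redirects) {
  const allowed = originOf(requestedUrl) === originOf(pageUrl);
  return { allowed, blockedAt: allowed ? null : requestedUrl };
}

// Hardened policy: every hop, including the final target, must stay in the
// page's own origin; the first hop that leaves it stops the download.
function checkEveryHop(pageUrl, requestedUrl, redirects) {
  const pageOrigin = originOf(pageUrl);
  for (const hop of resolveChain(requestedUrl, redirects)) {
    if (originOf(hop) !== pageOrigin) return { allowed: false, blockedAt: hop };
  }
  return { allowed: true, blockedAt: null };
}

const PAGE = "http://news.example/index.html";
const CASES = [
  { name: "same-domain file", url: "http://news.example/data.txt", redirects: [] },
  { name: "relative redirect", url: "http://news.example/old.txt", redirects: ["/new/data.txt"] },
  { name: "redirect out of domain", url: "http://news.example/go", redirects: ["file:///C:/constructed/notes.txt"] },
];

for (const c of CASES) {
  const flawed = checkRequestedOnly(PAGE, c.url, c.redirects).allowed;
  const hardened = checkEveryHop(PAGE, c.url, c.redirects);
  console.log(`${c.name}: requested-only=${flawed} every-hop=${hardened.allowed}`,
    hardened.blockedAt ? `(blocked at ${hardened.blockedAt})` : "");
}
```

The requested-only check passes all three cases, while the every-hop check stops the third at the hop that leaves the page's domain.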
"This vulnerability would chiefly affect workstations that are connected to the Internet," Microsoft said in a security alert released yesterday.
The company said it is working on a patch for the problem. "As an immediate measure, customers can prevent the download behavior function from operating by disabling ActiveScripting," according to the security bulletin.
The security hole is the latest in a series of bugs plaguing the software giant's IE browser.