Microsoft confirms two potential vulnerabilities in its Internet Explorer 5.0 browser that let Web operators swipe visitors' private information.
The first is a new wrinkle in a problem that has dogged IE developers numerous times. Microsoft described the latest bug as a variant of a hole whose most recent variation was discovered and demonstrated last month by Spanish bug hunter Juan Carlos Cuartango. It makes users' clipboards vulnerable to inspection by Web operators.
The clipboard holds text that users have most recently copied or cut. The clipboard only stores one clip at a time; a new clip automatically erases the previous one.
Microsoft said it was working on a fix for both the Cuartango hole and the new one, discovered and demonstrated by Bulgarian bug hunter Georgi Guninski. Guninski also recently found a URL-sniffing privacy hole in the Communicator browser by America Online's newly acquired Netscape Communications unit.
According to Guninski, the new bug allows the Web site operator to swipe a file if the name of the file is known or guessed. The bug itself lies in IE 5.0's DHTML edit control, which lets the malicious site use JavaScript to paste a filename in a form and send it to a remote server.
JavaScript is a scripting language, developed by Netscape, for executing actions on a Web page without user interaction. For instance, Web authors use JavaScript to create pop-up windows and forms. JavaScript is unrelated to Java, Sun Microsystems' cross-platform computer programming language.
Microsoft acknowledged the second issue as a hypothetical risk but declined to characterize it as a bug. This one concerns IE 5's support for scripted copy and paste operations built into Web sites. Again, a malicious Web site operator exploiting the vulnerability would be able to read what is on a visitor's clipboard.
"We don't view this as a bug, but as a feature that could potentially be used in a way that's not intended," said Microsoft Windows product manager Rob Bennett. "At this point, any misuse of this is completely hypothetical."
Bennett stressed that users concerned about Web sites pilfering what's on their clipboards can set their zone settings to disable scriptable paste.
"That's why we set this with zone settings, for users who may be concerned that information might be pasted without their knowledge," he said.
The issue is demonstrated on the PC enthusiast site System Optimization.