IE flaw allows any file on victim's PC to be read

Security consultant Jorge Luis Alvarez Medina conducted a live demonstration in which he exploited (yet another) flaw in Microsoft's Internet Explorer web browser. In this instance, Medina was able to read files on the victim's local drive with impunity. And not only is the flaw said to extend across all versions of Internet Explorer, it is also "not subject to a patching fix."

In a Computerworld article, Medina said that "it doesn't appear that the IE flaw is subject to patching because it encompasses design features related to how IE and Windows Explorer handle zone elevation, HTML code and MIME types."

Workarounds involved a list of configurations such as setting "IE Network Protocol Lockdown" mode, adjusting the security on Intranet Zones to "high" and disabling Active Scripting. Honestly, I'd just as soon recommend that users switch from Internet Explorer to something with less pervasive security problems. Do you agree?

For more on this story:
- check out this article at Computerworld 
