Microsoft · Windows Explorer · CVE-2006-3281
**Name of the Vulnerable Software and Affected Versions**
Microsoft Internet Explorer version 6.0
Windows Explorer (affected versions not specified)
**Description**
The issue arises from improper handling of Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code. The attack vector is a link to an SMB file share with a filename containing encoded .. (%2e%2e%5c) sequences and an extension that includes the CLSID Key identifier for HTML Applications (HTA). An attacker could exploit this by constructing a malicious Web page, potentially allowing them to save a file on the user's system if the user visits a malicious Web site or views a malicious e-mail message. Exploitation requires user interaction; if successful, it could grant the attacker complete control of the affected system.
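The link pattern described above can be screened for in HTML or e-mail content before it reaches a user. The following check is an added example, not part of the original advisory or any Microsoft code: it flags file-share link targets whose filename decodes to `..` path segments or ends in a brace-wrapped CLSID extension. The function names, host names and the all-zero CLSID are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Extension that is a brace-wrapped CLSID, e.g. ".{8-4-4-4-12 hex digits}"
CLSID_EXT = re.compile(
    r"\.\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")
# Targets that point at a file share: file:// URLs or UNC-style paths
SHARE_LINK = re.compile(r"^(?:file://|\\\\|//)", re.IGNORECASE)
SEPARATORS = re.compile(r"[\\/]")


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are seen too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_link(href):
    """Return the reasons a link target matches the pattern (empty if none)."""
    href = href.strip()
    if not SHARE_LINK.match(href):
        return []
    reasons = []
    decoded = fully_decode(href)
    if ".." in SEPARATORS.split(decoded):
        # "hidden" means the raw link had no literal ".." segment
        hidden = ".." not in SEPARATORS.split(href)
        reasons.append("encoded-traversal" if hidden else "traversal")
    if CLSID_EXT.search(decoded):
        reasons.append("clsid-extension")
    return reasons


# Constructed sample links; the all-zero CLSID is a placeholder
PLACEHOLDER = "{00000000-0000-0000-0000-000000000000}"
SAMPLE_LINKS = [
    "file://fileserver.example/share/report.doc",
    "file://fileserver.example/share/%2e%2e%5c%2e%2e%5cnotes." + PLACEHOLDER,
    "file://fileserver.example/share/%252e%252e%255cnotes.txt",
    "https://www.example.com/docs/index.html",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(check_link(link) or "ok", link)
```

A link that returns both `encoded-traversal` and `clsid-extension` matches the combination this advisory describes; either reason on its own is still worth reviewing in a mail or web content filter.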
**Recommendations**
For Microsoft Internet Explorer version 6.0, update to a newer version to mitigate the risk.
For Windows Explorer, at the moment, there is no information about a newer version that contains a fix for this vulnerability.