Microsoft Internet Explorer 5.01, 5.5 and 6.0 has a parsing procedure with a flaw in it that may cause arbitrary script commands to be executed in the Local Zone. This can lead to potential arbitrary command execution, local file reading and other severe consequences.
a1540b588487d7bd0bd38292e470f26634d2bc21c8824bc90b85740e975aa019
Microsoft Internet Explorer versions 5.5 and 6.0 are susceptible to 9 attacks involving object caching. When communicating between windows, security checks ensure that both pages are in the same security zone and on the same domain. These crucial security checks wrongly assume that certain methods and objects are only going to be called through their respective window. This assumption enables some cached methods and objects to provide interoperability between otherwise separated documents.
0d493f1ee4c0342068a311e12ade60a725672891b23957e14ce2b5cbe1e6e675
Internet Explorer 5.5 SP2 and Internet Explorer 6 allow the oIFrameElement.Document reference to return a document with no security restrictions, allowing remote attackers to steal cookies from any site, gain access to content in sites (forging content), read local files and execute arbitrary programs on the client's machine. Exploit HTML included which reads the client's google.com cookie. IE6 SP1 is not affected. Four demonstration exploits are available here.
edee121c0f0aa5b69ff4f7f5dfedea6a19e4da0a66f54e210fe0ff60e1f71964