Microsoft has released a security bulletin which discusses a vulnerability in Internet Explorer version 5.0.

This has to do with the function in Internet Explorer which enables importing or exporting a list of favorite web sites/pages. This functionality is useful for those who need to use different computers (e.g. at home and at work). 

However, it has been discovered that a malicious web site may use this method to perform such actions on the browsing computer like deleting files or formatting a disk drive - actually any action on the computer which the logged-in user is allowed to do.

When this security information is written, there is no patch from Microsoft available. To avoid being vulnerable you have to disable Active Scripting following these steps:

• In Internet Explorer select the menu choice Tools | Internet Options.
• Then click the Security tab.
• Highlight the Internet zone and click the Custom Level... button.
• Navigate to the Scripting headline and select Disable in the Active scripting entry.
• Confirm the change.

The security bulletin from Microsoft will be re-released when there is a patch for this vulnerability.

These links may be of interest for more details about the vulnerability:

• Microsoft's Frequently Asked Questions addressing this issue.
• The Security Bulletin from Microsoft.

Per Olav Førland