It's not IE6, it's any version of IE that's not in "protected mode" (so, any version of IE on XP, and or an elevated or UAC-disabled IE under Vista/7).
Seems not that super-critical since exploit must know a complete path to a specific file that's going to be revealed. Carl -----Original Message----- From: Angus Scott-Fleming [mailto:angu...@geoapps.com] Sent: Thursday, February 04, 2010 11:57 AM To: NT System Admin Issues Subject: IE info-disclosure bug disclosed at Black Hat MSRC bulletin released, MS Security Advisory released, ZDNet Zero-Day has a story. An information-leakage problem in Internet Explorer has been disclosed at this week's Black Hat conference. It seems that if you use Internet Explorer to surf the Internet, the Bad Guys can now read ANY FILE on your hard drive. Details and info on a Microsoft-issued "FixIt" solution are in the latest blog entry at http://geoapps.blogspot.com/ -- so if you use IE, especially IE6, please go read up on this and get patching. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
