Security Bulletin
MS02-015 This is a cumulative patch that includes the functionality of all
previously released patches for IE 5.01, 5.5 and IE 6. In addition,
it eliminates the following two newly discovered vulnerabilities:
- A vulnerability in the zone determination function that could
allow a script embedded in a cookie to be run in the Local
Computer zone. While HTML scripts can be stored in cookies,
they should be handled in the same zone as the hosting site
associated with them, in most cases the Internet zone. An
attacker could place script in a cookie that would be saved
to the user's hard disk. When the cookie was opened by the
site the script would then run in the Local Computer zone,
allowing it to run with fewer restrictions than it would
otherwise have.
Patch makes CookiePal usesless in non-english ÍEBest wishes
Arne

Imici username: Arne