Microsoft:New Flaw could affect Internet Explorer 6, 7 and 8

Microsoft issued a new security warning of a potential flaw in Internet Explorer which could allow third-parties access to data, on Wednesday .

Microsoft said in the security advisory “Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location.”

This flaw comes after an out-of-band patch was released for IE to patch a vulnerability, details of which were released by Google in January 2010 after a targeted attack upon Google which resulted in the theft of some intellectual property to them. The attack led Google to announce that it would be withdrawing support for IE 6.

The new vulnerability found affective on IE 5.01 and IE 6 on Windows 2000, IE 6 on Windows 2000 SP4 and IE6, IE7 and IE8 on Windows XP and Windows 2003.And this vulnerability could also affect Internet Explorer 7 and IE 8 on Windows Vista, Windows Server 2008 and Windows 7  if a user choose to disable protected mode or, in the case  if Windows Server 2003 and 2008 is not running Internet Explorer in Enhanced Security Configuration.

Microsoft’s security advisory explains “The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.”