Microsoft IE Cross Frame Security Arbitrary File Access
Local Access Required,
Remote / Network Access
Loss of Confidentiality
Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user visits a malicious web site, which could read files on the local file system.
Microsoft has released a patch to address this vulnerability.