[原文]Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."
Internet Explorer 6版本和之前版本存在漏洞。远程攻击者可以导致某些HTTP请求被自动执行并且似乎来自于用户，攻击者还可以借助该漏洞在基于网络的服务内提升特权或执行操作，也称为"HTTP Request Encoding vulnerability"。
Microsoft has released a patch which addresses this issue: **Note that in order to apply the patches for IE5.01 and IE5.5 you must have Internet Explorer Service Pack 2 installed for each product. Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer contains a flaw that may allow a malicious user to automatically execute HTTP requests on behalf of the victim. The issue is triggered when the attacker encodes URLs in a specific way and the victim views HTML crafted by the attacker. It is possible that the flaw may allow the attacker to take control of the victim's web-based applications, such as web-based email and online banking.
Apply the Q306121 hotfix, as it has been reported to fix this vulnerability. The fix for this flaw is also included in IE 5.01 Service Pack 3, IE 5.5 Service Pack 3, and IE 6 Service Pack 1. An upgrade is required as there are no known workarounds.