[原文]Internet Explorer 5.5 and 6.0 allows remote attackers to steal potentially sensitive information from cookies via a cookie that contains script which is executed when a page is loaded, aka the "Script within Cookies Reading Cookies" vulnerability.
Microsoft Internet Explorer could allow a remote attacker to access sensitive information on a victim's system. Due to a flaw in the way IE parses file names, an attacker can call files with "." or " ." appended. This can allow an attacker to create a malicious HTML page that calls a cookie containing embedded script which would be stored on the victim computer. Once stored, the malicious cookie can be used to read other sensitive cookie data.
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch (q321232) to address this vulnerability.