[原文]The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
Microsoft IE Download Function Cache Disclosure (threadid10008)
Remote / Network Access
Loss of Confidentiality
Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered via a malicious HTTPResponse with an invalid content-header and htm type, which will disclose the cache directory name information resulting in a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.