From PC World

Microsoft warned on Wednesday that a flaw in its Internet Explorer browser gives attackers access to files stored on a PC under certain conditions.

"Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location," Microsoft said in a security advisory.

The vulnerability requires that an attacker knows the name of the file they want to access, it said.

The disclosure is the latest security problem to affect IE. Last month, an undisclosed vulnerability in IE 6 was used in attacks that targeted more than 20 U.S. companies, including Google, which blamed China. The vulnerability has since been fixed by Microsoft.

The attacks led Google to announce last week that it would phase out support for IE 6, starting with Google Apps and Google Sites in March.  [More...] [Comments...]