We received numerous emails asking whether the frames issue is (partially) fixed in IE6 SP1 since the "Program execution" and "Local file reading" demonstrations in our advisory did not function. These demonstrations did not function because SP1 blocks links to res:// and file:// URLs and not because Microsoft fixed the core vulnerability (this could have been verified by running the first and second demonstrations). We have now revised both demonstrations according to Thor's post, and it is again possible to read local files and execute programs under IE6 SP1 as well. The advisory and demonstrations can be found at http://sec.greymagic.com/adv/gm010-ie/. >..Ironically, though, the fix itself opens up a way to circumvent this >security measure. You can still open any file:// or res:// file >automatically with > ><object type="text/html" data="redirect.asp"></object>
