Bulletin de sécurité MS00-O33 remontant à l'année 2000 et concernant IE 4 et 5 !

--------------------------------------------------
Note added at 33 mins (2005-11-14 14:50:24 GMT)
--------------------------------------------------

Voilà en anglais ce que cela signifie. Il s'agit de cadres.

Microsoft Security Bulletin (MS00-033): Frequently Asked Questions
SQL Server Failover Clustering

Frame Domain Verification Vulnerability
What's this bulletin about?
Microsoft Security Bulletin MS00-033 announces the availability of a patch that eliminates a vulnerability in Microsoft® Internet Explorer. The vulnerability could allow a malicious web site operator to view files on the computer of a visiting user, under certain circumstances. Microsoft is committed to protecting customers' information, and is providing the bulletin to inform customers of the vulnerability and what they can do about it.

What's the scope of the vulnerability?
The vulnerability could allow a malicious web site operator to view files on the computer of visiting user. The malicious web site operator would need to know the name and location of the file on the user's computer, and could only view files that can be opened in a browser window.
The vulnerability requires Active Scripting in order to succeed. If the malicious site were in a Security Zone that does not allow Active Scripting, the vulnerability could not be exploited.

What causes the vulnerability?
The vulnerability exists because it is possible, under very specific conditions, to violate IE's cross-domain security model in such a way as to allow a web site to read data that it should be prevented from reading.

What is meant by "IE's cross-domain security model", and how does it pertain to this vulnerability?
A good description of the IE cross-domain security model is provided in the FAQ for MS00-009 but in a nutshell, the IE cross-domain security model is designed to ensure that a browser window opened by a web site can only access data that belongs to that site.

Does this vulnerability let a browser window read what's in another browser window?
Almost. In this case, the issue is the ability of a window to read a frame that's in a different domain. A browser window can contain frames - subdivisions of a window that operate independently of each other. An example of a window that uses frames would be a web page in which a navigation bar on one side of the screen stays fixed while the content in the center of the screen changes as you make your selection. The navigation bar is in one frame, and the content is in another. If the frames belong to different domains, the IE cross-domain model should protect them from each other. However, in this vulnerability, flaws in two functions allow this protection to be breached.

What happens in this vulnerability?
In this vulnerability, a malicious web site opens a browser window on the user's computer. Within that window, the site opens a frame, and displays a file from the user's local computer in it. This is legitimate usage, but the window and the frame are in different domains - the window is in the web site's domain, while the frame is in the local file system domain - so the cross-domain security model should prevent them from reading each other's data. However, implementation flaws in two functions allow the window to access the data that is displayed in the frame. This would allow script running in the window to send the contents of the frame to the malicious user's web site.

What's the flaw in the functions?
The functions do not check which domain the frame is in before giving the window access to it.

What kinds of files could be viewed via this vulnerability?
Only files that can be opened in a browser window. Examples are .txt, .htm or .js files. Examples of file types that cannot be opened in a browser window include .dat, .doc, .exe, .jpg and other file types.

How likely am I to be affected by this vulnerability?
It depends on your web browsing habits. The key thing to remember is that you have to visit a malicious web site in order to be affected by it. Most people visit a small number of familiar, professionally-operated web sites, and it's unlikely that such a site would pose any risk. Users who surf lots of unknown web sites would be at greater risk. However, Security Zones provide a great way to manage your risk, and we recommend that customers use them.

Could this vulnerability be exploited accidentally?
No. The steps that a web site would need to take in order to exploit this vulnerability are extremely unlikely to be useful for any purpose except exploiting this vulnerability

What does the patch do?
The patch changes the two affected functions so that they perform appropriate domain checking before granting access to any data.

Where can I get the patch?
The download location for the patch is provided in the "Patch Availability" section of the security bulletin

How can I tell if I installed the patch correctly?
The KB article provides a manifest of the files in the patch package. The easiest way to verify that you've installed the patch correctly is to verify that these files are present on your computer, and have the same sizes and creation dates as shown in the KB article.