A flaw exists in the way in which the ActiveX control provides
access to information on the user's computer. A vulnerability exists
because an attacker could invoke the ActiveX control from script
code, which would allow the attacker to view and manipulate metadata
contained in the media library on the user's computer.
To exploit this flaw, an attacker would have to host a malicious Web
site that contained a Web page designed to exploit this
vulnerability, and then persuade a user to visit that site-an
attacker would have no way to force a user to the site. An attacker
could also embed a link to the malicious site in an HTML e-mail and
send it to the user. After the user previewed or opened the e-mail,
the malicious site could be visited automatically without further
user interaction.
|