The Microsoft Internet Explorer security model allows a Web site to run any script or program that it trusts. The program exposes some fairly powerful functionality that allows a hostile Web site to glean information...

The only thing that a Web site can do with this is read selected files from a users machine if they know the name of the file.

The responsible way to handle a security vulnerability report is to let the vendor know you believe you’ve found a potential vulnerability in their product so they can investigate it. That wasn’t done in this...

Whether or not an operating system has a remote command shell says nothing about its ability to withstand other attacks such as denial of service attacks.

There is great customer interest in UPnP, especially as more UPnP-capable devices are becoming available. Folks who don’t want UPnP can certainly turn off the service, but just applying the patch is sufficient to return...

We’re recommending as a work-around that customers who are worried about this vulnerability disable active scripting, while we develop a patch for this.

The real problem is Netscape Communicator taking a powerful script and putting it out on your computer in a locale where any Web site can find it out and run it.