Whats the scope of the “Browser Print Template” vulnerability?
This vulnerability could enable a malicious web site operator to take unauthorized action on the computer of a visiting user, by giving her the ability to run, on the user’s computer, ActiveX controls that are normally off limits to web sites. This would enable the malicious user to take a broad range of actions on the user’s computer, including adding, changing or deleting files, exchanging files with a web site, and others. The vulnerability only enables the malicious user to take action via ActiveX controls, so if there was not an ActiveX control available to perform a particular action, she could not take it. Even if there was an ActiveX control available to take a particular action, it would operate subject to the user’s permissions on the computer. The vulnerability only affects IE 5.
