Whats the scope of the new variant of the “Scriptlet Rendering” vulnerability?
The scope is exactly the same as for the original variant, discussed in Microsoft Security Bulletin MS00-055. It could allow a malicious web site operator to view files on the computer of visiting user. The malicious web site operator would need to know the name and location of the file on the user’s computer, and could only view files that can be opened in a browser window.