Microsoft Internet Explorer 'Image Source Redirect' Vulnerability patch

Category
Utilities
Patches and Updates

Review

The vulnerability could allow a malicious web site operator to read - but not add, change or delete - certain types of files on the computer of a visiting user. When a web server navigates a window from one domain into another one, the IE security model checks the server's permissions on the new page. However, it is possible for a web server to open a browser window to a client-local file, then navigate the window to a page that is in the web site's domain in such a way that the data in the client-local file is accessible to the new window. The data would only be accessible to the new window for a very brief period, but the result is that it could be possible for a malicious web site operator to view files on the computer of a visiting user. The web site operator would need to know (or guess) the name and location of the file, and could only view file types that can be opened in a browser window.

