PandaLabs, a developer and provider of integrated security solutions has recently issued a public warning through its daily security newsletter Oxygen3 concerning the way in which Microsoft's Internet Explorer browser is administering the URL database. According to PandaLabs, the "index.dat" Windows file has surrounded itself with controversy because the manner in which it manages redundant information regarding Internet addresses, search queries and the last opened files. In this regard, the "index.dat" file functions as a database storing information related to Internet traffic. In the context of an enabled "AutoComplete" features the file records data. The volume of information stored refers to the Web pages navigated and to all the form fields filled. PandaLabs describes the two "index.dat" components of the Microsoft's browser as file cache and cookies.

PandaLabs has identified the controversy following the surfacing of several reports concerning the "index.dat" file. The reports stated that the file delivers a way for an attacker to access private user content. "index.dat" is a threat to privacy because it simply cannot be discarded, any deletion attempt being blocked by Windows while the program is active. PandaLabs has disclosed that even if all the data in the browser's history, temporary files and cookies is deleted, the "index.dat" file's content remains unchanged, keeping all the gathered data. In its daily security newsletter Oxygen3, PandaLabs describes that the only workaround to the deletion is starting Windows in Safe Mode.

Microsoft has announced that it has assessed this situation in its latest browser, and that the feature was discarded from the upcoming Internet Explorer 7, although prior versions are vulnerable to an attack via "index.dat".