TITLE:
Internet Explorer "mhtml:" Redirection Disclosure
of Sensitive
Information
SECUNIA ADVISORY ID:
SA22477
VERIFY ADVISORY:
http://secunia.c
om/advisories/22477/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
Microsoft Internet Explorer 7.x
http://secunia.com/
product/12366/
DESCRIPTION:
A vulnerability has been discovered in Internet Explorer,
which
can
be exploited by malicious people to disclose potentially
sensitive
information.
The vulnerability is caused due to an error in the handling
of
redirections for URLs with the "mhtml:" URI
handler. This can
be
exploited to access documents served from another web site.
Secunia has constructed a test, which is available at:
http://secunia.com/Internet
_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/
Secunia has confirmed the vulnerability on a fully patched
system
with Internet Explorer 7.0 and Microsoft Windows XP SP2.
Other
versions may also be affected.
SOLUTION:
Disable active scripting support.
OTHER REFERENCES:
SA19738:
http://secunia.c
om/advisories/19738/
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|