Secunia

Customer Area icon help

Need help?

Try CSI

Download PSI icon Scan now

Scan Now

Community

Advisories

Database Search Advisories by Product Advisories by Vendor Terminology Report vulnerability

Research Forum My Profile

Community Login

Register now
Forgot password?

Secunia Advisory SA38416

Microsoft Internet Explorer Local File Disclosure Vulnerabilities

Secunia Advisory	SA38416	DOWNLOAD CSI DOWNLOAD PSI
Release Date	2010-02-04
Last Update	2010-02-08

Popularity	13,605 views

Criticality level	Moderately critical
Impact	Exposure of system information Exposure of sensitive information
Where	From remote
Authentication level	Available in Customer Area

Report reliability	Available in Customer Area
Solution Status	Unpatched


Systems affected	Available in Customer Area
Approve distribution	Available in Customer Area
Automated scanning	Secunia CSI, Secunia PSI

Software:	Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 6.x Microsoft Internet Explorer 7.x Microsoft Internet Explorer 8.x

Secunia CVSS Score	Available in Customer Area
CVE Reference(s)	CVE-2010-0255 CVSS available in Customer Area CVE-2010-0555 CVSS available in Customer Area

Description
Two vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to disclose sensitive information.

1) An error in URLMON when handling redirections can be exploited to bypass domain restrictions and disclose the content of arbitrary local files.

This is related to vulnerability #1 in:
SA35362

2) An error when handling the "data" parameter of a dynamically created object can be exploited to disclose the content of arbitrary local files.

Successful exploitation of the vulnerabilities requires that the full path to a target file is known prior to the attack.

The vulnerabilities are reported in Internet Explorer 5.01, 6, 7, and 8.

Solution
Enable Network Protocol Lockdown for Windows XP, and Protected Mode on Windows Vista and later. Please see the vendor's advisory for more information.
Further details available in Customer Area

Provided and/or discovered by
Jorge Luis Álvarez Medina and Federico Muttis, Core Security Technologies

Changelog
Further details available in Customer Area

Original Advisory
Microsoft:
http://www.microsoft.com/technet/security/advisory/980088.mspx

Core Security Technologies:
http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag

Other references
Further details available in Customer Area

Technical Analysis
Further details available in Customer Area

Alternate/detailed remediation
Further details available in Customer Area

Deep Links
Links available in Customer Area