Internet Explorer Information Disclosure and HTA Application Execution
Secunia Advisory: SA20825 Print Advisory
Release Date: 2006-06-27
Critical: Less critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6.x
Plebo Aesdi Nael has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information and potentially compromise a user's system.
1) An error in the handling of redirections can be exploited to access documents served from another web site via the "object.documentElement.outerHTML" property.
Secunia has constructed a test, which is available at:
2) An error in the handling of file shares can be exploited to trick a user into executing a malicious HTA application via directory traversal attacks in the filename.
Successful exploitation requires some user interaction.
The vulnerabilities have been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.
1) Disable Active Scripting support.
2) Filter Windows file sharing traffic.
Provided and/or discovered by:Plebo Aesdi Nael
Original Advisory: http://lists.grok.org.uk/pipermail/f...ne/047398.html