PDA

Просмотр полной версии : Internet Explorer Header Handling 'res://' Information Disclosure Vulnerability



HATTIFNATTOR
08.04.2008, 13:57
Microsoft Internet Explorer is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to obtain potentially sensitive information from the local computer. Information obtained may aid in further attacks.

This issue affects Internet Explorer 7. Reportedly, Internet Explorer 8 is not vulnerable, but this has not been confirmed.
This issue may be related to the vulnerability discussed in BID 28581 (Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability).

http://www.securityfocus.com/bid/28667/discuss