Shu_b
28.06.2006, 09:18
Internet Explorer Information Disclosure and HTA Application Execution
Secunia Advisory: SA20825 Print Advisory
Release Date: 2006-06-27
Critical: Less critical
Impact: Exposure of sensitive information
System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6.x
Description:
Plebo Aesdi Nael has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information and potentially compromise a user's system.
1) An error in the handling of redirections can be exploited to access documents served from another web site via the "object.documentElement.outerHTML" property.
Secunia has constructed a test, which is available at:
http://secunia.com/internet_explorer_information_disclosure_vulnerabi lity_test/
2) An error in the handling of file shares can be exploited to trick a user into executing a malicious HTA application via directory traversal attacks in the filename.
Successful exploitation requires some user interaction.
The vulnerabilities have been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.
Solution:
1) Disable Active Scripting support.
2) Filter Windows file sharing traffic.
Provided and/or discovered by:Plebo Aesdi Nael
Original Advisory: http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
Secunia Advisory: SA20825 Print Advisory
Release Date: 2006-06-27
Critical: Less critical
Impact: Exposure of sensitive information
System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6.x
Description:
Plebo Aesdi Nael has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information and potentially compromise a user's system.
1) An error in the handling of redirections can be exploited to access documents served from another web site via the "object.documentElement.outerHTML" property.
Secunia has constructed a test, which is available at:
http://secunia.com/internet_explorer_information_disclosure_vulnerabi lity_test/
2) An error in the handling of file shares can be exploited to trick a user into executing a malicious HTA application via directory traversal attacks in the filename.
Successful exploitation requires some user interaction.
The vulnerabilities have been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.
Solution:
1) Disable Active Scripting support.
2) Filter Windows file sharing traffic.
Provided and/or discovered by:Plebo Aesdi Nael
Original Advisory: http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html