Internet Explorer Information Disclosure and HTA Application Execution

[B]Internet Explorer Information Disclosure and HTA Application Execution[/B]
Secunia Advisory: SA20825 Print Advisory
Release Date: 2006-06-27

[B]Critical:[/B] Less critical
Impact: Exposure of sensitive information
System access
[B]Where:[/B] From remote
[B]Solution Status:[/B] Unpatched
[B]Software:[/B] Microsoft Internet Explorer 6.x

[b]
Description:[/b]
Plebo Aesdi Nael has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information and potentially compromise a user's system.

1) An error in the handling of redirections can be exploited to access documents served from another web site via the "object.documentElement.outerHTML" property.

Secunia has constructed a test, which is available at:
[url]http://secunia.com/internet_explorer_information_disclosure_vulnerability_test/[/url]

2) An error in the handling of file shares can be exploited to trick a user into executing a malicious HTA application via directory traversal attacks in the filename.

Successful exploitation requires some user interaction.

The vulnerabilities have been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.

[B]Solution:[/B]
1) Disable Active Scripting support.

2) Filter Windows file sharing traffic.

Provided and/or discovered by:Plebo Aesdi Nael
Original Advisory: [url]http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html[/url]