Internet Explorer Information Disclosure and HTA Application Execution
Secunia Advisory: SA20825
Release Date: 2006-06-27
Critical: Less critical
Impact: Exposure of sensitive information, System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6.x
Description:
Plebo Aesdi Nael has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information and potentially compromise a user's system.
1) An error in the handling of redirections can be exploited to access documents served from another web site via the "object.documentElement.outerHTML" property.
Secunia has constructed a test, which is available at:
http://secunia.com/internet_explorer...rability_test/
2) An error in the handling of file shares can be exploited to trick a user into executing a malicious HTA application via directory traversal attacks in the filename.
Successful exploitation requires some user interaction.
The vulnerabilities have been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.
Solution:
1) Disable Active Scripting support.
2) Filter Windows file sharing traffic.
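One way to apply both workarounds on a Windows host, as an added example that is not part of the Secunia advisory: it assumes the standard Internet Explorer zone registry layout (zone 3 = Internet, action 1400 = Active scripting) and the NetSecurity firewall cmdlets (Windows 8 / Server 2012 or later), and blocks SMB only on the Public profile so LAN file shares keep working.

```powershell
# Added example (not from the advisory): applies the two SA20825 workarounds.
# Assumes the IE Internet Zone registry layout for the current user and the
# NetSecurity module. Run from an elevated prompt; the firewall rule is
# machine-wide, the zone setting is per-user.

# 1) Disable Active Scripting in the Internet zone.
#    Zone 3 = Internet; action 1400 = "Active scripting"; 0 = Enable,
#    1 = Prompt, 3 = Disable.
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
Set-ItemProperty -Path $zone -Name '1400' -Value 3 -Type DWord

# 2) Filter Windows file sharing traffic: block outbound NetBIOS/SMB on the
#    Public profile so a browser-initiated \\host\share reference cannot
#    reach a share on the internet. Domain/Private are left alone so
#    internal shares keep working.
$rule = @{
    DisplayName = 'Block outbound Windows file sharing (SA20825 workaround)'
    Direction   = 'Outbound'
    Action      = 'Block'
    Protocol    = 'TCP'
    RemotePort  = @('139', '445')
    Profile     = 'Public'
}
New-NetFirewallRule @rule | Out-Null

# Verify that both settings took effect.
$value = (Get-ItemProperty -Path $zone -Name '1400').'1400'
"Active scripting (1400) in Internet zone: $value (3 = disabled)"
Get-NetFirewallRule -DisplayName $rule.DisplayName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, RemotePort
```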
Provided and/or discovered by: Plebo Aesdi Nael
Original Advisory: http://lists.grok.org.uk/pipermail/f...ne/047398.html
Multiple vulnerabilities in Microsoft Internet Explorer (multiple bugs)
Published: 28 June 2006
Source: BUGTRAQ
Type: client
Severity: 7/10
Description: Cross-domain access to page content, code execution via MSHTA.
Affected products: MICROSOFT:Internet Explorer 6.0
Original text by Plebo Aesdi Nael, IE_ONE_MINOR_ONE_MAJOR (28.06.2006)