|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA20825] Internet Explorer Information Disclosure and HTA Application Execution
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Tue Jun 27 2006 - 11:17:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily
work involves reverse engineering of software and exploit code,
auditing of source code, and analysis of vulnerability reports.
http://secunia.com/secunia_security_specialist/
----------------------------------------------------------------------
TITLE:
Internet Explorer Information Disclosure and HTA Application
Execution
SECUNIA ADVISORY ID:
SA20825
VERIFY ADVISORY:
http://secunia.com/advisories/20825/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE:
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
DESCRIPTION:
Plebo Aesdi Nael has discovered two vulnerabilities in Internet
Explorer, which can be exploited by malicious people to disclose
potentially sensitive information and potentially compromise a user's
system.
1) An error in the handling of redirections can be exploited to
access documents served from another web site via the
"object.documentElement.outerHTML" property.
Secunia has constructed a test, which is available at:
http://secunia.com/internet_explorer_information_disclosure_vulnerability_test/
2) An error in the handling of file shares can be exploited to trick
a user into executing a malicious HTA application via directory
traversal attacks in the filename.
Successful exploitation requires some user interaction.
The vulnerabilities have been confirmed on a fully patched system
with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other
versions may also be affected.
SOLUTION:
1) Disable Active Scripting support.
2) Filter Windows file sharing traffic.
PROVIDED AND/OR DISCOVERED BY:
Plebo Aesdi Nael
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]