[VULNERABILIDAD] Internet Explorer File Identification Variant

09/02/2004 - 19:24 por Ille Corvus | Informe spam
-
http://www.secunia.com/advisories/10820/

Internet Explorer File Identification Variant

Secunia Advisory: SA10820
Release Date: 2004-02-09

Critical: Not critical
Impact: Exposure of system information
Where: From remote

Software: Microsoft Internet Explorer 6

Description:
Jelmer has discovered a vulnerability in Internet Explorer, allowing
malicious sites to detect the presence of local files.

The problem is that a vbscript can cause Internet Explorer to report
different error messages depending on whether a file specified in a
form exists or not. This could be exploited to determine the presence
of specific programs or data.

This is a variant of older vulnerabilities reported to affect previous
versions of Internet Explorer.

The vulnerability has been confirmed in version 6.0 SP1 with all
patches applied.

Solution:
Disable active scripting except for trusted sites.
-

Ejem, ejem...ejem...


Ille Corvus. Hic et Nunc.

Meritorios de Filtrado (Kill-file):
jm tella llop (2003.10.25)

Preguntas similare

Leer las respuestas

#1 Luis J.
09/02/2004 - 19:52 | Informe spam
Oye, ¿puedes decirme como se evita esta vunerabilidad? no termino de entender el ultimo parrafo.
Gracias

Luis J.

"Ille Corvus" escribió en el mensaje news:
| -
| http://www.secunia.com/advisories/10820/
|
| Internet Explorer File Identification Variant
|
| Secunia Advisory: SA10820
| Release Date: 2004-02-09
|
| Critical: Not critical
| Impact: Exposure of system information
| Where: From remote
|
| Software: Microsoft Internet Explorer 6
|
| Description:
| Jelmer has discovered a vulnerability in Internet Explorer, allowing
| malicious sites to detect the presence of local files.
|
| The problem is that a vbscript can cause Internet Explorer to report
| different error messages depending on whether a file specified in a
| form exists or not. This could be exploited to determine the presence
| of specific programs or data.
|
| This is a variant of older vulnerabilities reported to affect previous
| versions of Internet Explorer.
|
| The vulnerability has been confirmed in version 6.0 SP1 with all
| patches applied.
|
| Solution:
| Disable active scripting except for trusted sites.
| -
|
| Ejem, ejem...ejem...
|
|
| --
| Ille Corvus. Hic et Nunc.
|
| Meritorios de Filtrado (Kill-file):
| jm tella llop (2003.10.25)
Respuesta Responder a este mensaje
#2 JM Tella Llop [MVP Windows] ·
09/02/2004 - 19:58 | Informe spam
le estás pidiendo peras al olmo...

No ves que para saberlo, tendría que haber visto un XP en su vida.

Jose Manuel Tella Llop
MVP - Windows

http://www.multingles.net/jmt.htm
Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho.
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.


"Luis J." wrote in message news:eKD%
Oye, ¿puedes decirme como se evita esta vunerabilidad? no termino de entender el ultimo parrafo.
Gracias

Luis J.

"Ille Corvus" escribió en el mensaje news:
| -
| http://www.secunia.com/advisories/10820/
|
| Internet Explorer File Identification Variant
|
| Secunia Advisory: SA10820
| Release Date: 2004-02-09
|
| Critical: Not critical
| Impact: Exposure of system information
| Where: From remote
|
| Software: Microsoft Internet Explorer 6
|
| Description:
| Jelmer has discovered a vulnerability in Internet Explorer, allowing
| malicious sites to detect the presence of local files.
|
| The problem is that a vbscript can cause Internet Explorer to report
| different error messages depending on whether a file specified in a
| form exists or not. This could be exploited to determine the presence
| of specific programs or data.
|
| This is a variant of older vulnerabilities reported to affect previous
| versions of Internet Explorer.
|
| The vulnerability has been confirmed in version 6.0 SP1 with all
| patches applied.
|
| Solution:
| Disable active scripting except for trusted sites.
| -
|
| Ejem, ejem...ejem...
|
|
| --
| Ille Corvus. Hic et Nunc.
|
| Meritorios de Filtrado (Kill-file):
| jm tella llop (2003.10.25)
Respuesta Responder a este mensaje
#3 Javier Inglés [MS MVP]
09/02/2004 - 20:12 | Informe spam
Como ya te he comentado...tienes alguna idea de la duda que te he dejado posteada??? Que como te he dicho, me tienes en ascuas :-)


Javier Inglés
MS-MVP

:
<<<QUITAR "NOSPAM" PARA MANDAR MAIL>>>

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho


"Ille Corvus" escribió en el mensaje news:
-
http://www.secunia.com/advisories/10820/

Internet Explorer File Identification Variant

Secunia Advisory: SA10820
Release Date: 2004-02-09

Critical: Not critical
Impact: Exposure of system information
Where: From remote

Software: Microsoft Internet Explorer 6

Description:
Jelmer has discovered a vulnerability in Internet Explorer, allowing
malicious sites to detect the presence of local files.

The problem is that a vbscript can cause Internet Explorer to report
different error messages depending on whether a file specified in a
form exists or not. This could be exploited to determine the presence
of specific programs or data.

This is a variant of older vulnerabilities reported to affect previous
versions of Internet Explorer.

The vulnerability has been confirmed in version 6.0 SP1 with all
patches applied.

Solution:
Disable active scripting except for trusted sites.
-

Ejem, ejem...ejem...


Ille Corvus. Hic et Nunc.

Meritorios de Filtrado (Kill-file):
jm tella llop (2003.10.25)
Respuesta Responder a este mensaje
#4 Javier Inglés [MS MVP]
09/02/2004 - 20:21 | Informe spam
Por cierto, a ver si diferenciamos:

Critical: Not critical

Porque si no ponemos todas las que salen en Secunia de cualquier cosa...yo que sé:

PHP Configuration Leakage Vulnerability
http://www.secunia.com/advisories/10818/

Si donde no hay...
Javier Inglés
MS-MVP

:
<<<QUITAR "NOSPAM" PARA MANDAR MAIL>>>

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho


"Ille Corvus" escribió en el mensaje news:
-
http://www.secunia.com/advisories/10820/

Internet Explorer File Identification Variant

Secunia Advisory: SA10820
Release Date: 2004-02-09

Critical: Not critical
Impact: Exposure of system information
Where: From remote

Software: Microsoft Internet Explorer 6

Description:
Jelmer has discovered a vulnerability in Internet Explorer, allowing
malicious sites to detect the presence of local files.

The problem is that a vbscript can cause Internet Explorer to report
different error messages depending on whether a file specified in a
form exists or not. This could be exploited to determine the presence
of specific programs or data.

This is a variant of older vulnerabilities reported to affect previous
versions of Internet Explorer.

The vulnerability has been confirmed in version 6.0 SP1 with all
patches applied.

Solution:
Disable active scripting except for trusted sites.
-

Ejem, ejem...ejem...


Ille Corvus. Hic et Nunc.

Meritorios de Filtrado (Kill-file):
jm tella llop (2003.10.25)
email Siga el debate Respuesta Responder a este mensaje
Ads by Google
Help Hacer una preguntaRespuesta Tengo una respuesta
Search Busqueda sugerida