[VULNERABILIDAD] Internet Explorer File Identification Variant

09/02/2004 - 19:24 por Ille Corvus | Informe spam
-
http://www.secunia.com/advisories/10820/

Internet Explorer File Identification Variant

Secunia Advisory: SA10820
Release Date: 2004-02-09

Critical: Not critical
Impact: Exposure of system information
Where: From remote

Software: Microsoft Internet Explorer 6

Description:
Jelmer has discovered a vulnerability in Internet Explorer, allowing
malicious sites to detect the presence of local files.

The problem is that a vbscript can cause Internet Explorer to report
different error messages depending on whether a file specified in a
form exists or not. This could be exploited to determine the presence
of specific programs or data.

This is a variant of older vulnerabilities reported to affect previous
versions of Internet Explorer.

The vulnerability has been confirmed in version 6.0 SP1 with all
patches applied.

Solution:
Disable active scripting except for trusted sites.
-

Ejem, ejem...ejem...


Ille Corvus. Hic et Nunc.

Meritorios de Filtrado (Kill-file):
jm tella llop (2003.10.25)
 

Leer las respuestas

#1 Luis J.
09/02/2004 - 19:52 | Informe spam
Oye, ¿puedes decirme como se evita esta vunerabilidad? no termino de entender el ultimo parrafo.
Gracias

Luis J.

"Ille Corvus" escribió en el mensaje news:
| -
| http://www.secunia.com/advisories/10820/
|
| Internet Explorer File Identification Variant
|
| Secunia Advisory: SA10820
| Release Date: 2004-02-09
|
| Critical: Not critical
| Impact: Exposure of system information
| Where: From remote
|
| Software: Microsoft Internet Explorer 6
|
| Description:
| Jelmer has discovered a vulnerability in Internet Explorer, allowing
| malicious sites to detect the presence of local files.
|
| The problem is that a vbscript can cause Internet Explorer to report
| different error messages depending on whether a file specified in a
| form exists or not. This could be exploited to determine the presence
| of specific programs or data.
|
| This is a variant of older vulnerabilities reported to affect previous
| versions of Internet Explorer.
|
| The vulnerability has been confirmed in version 6.0 SP1 with all
| patches applied.
|
| Solution:
| Disable active scripting except for trusted sites.
| -
|
| Ejem, ejem...ejem...
|
|
| --
| Ille Corvus. Hic et Nunc.
|
| Meritorios de Filtrado (Kill-file):
| jm tella llop (2003.10.25)

Preguntas similares