[VULNERABILIDAD] Internet Explorer File Identification Variant

09/02/2004 - 19:24 por Ille Corvus | Informe spam
-
http://www.secunia.com/advisories/10820/

Internet Explorer File Identification Variant

Secunia Advisory: SA10820
Release Date: 2004-02-09

Critical: Not critical
Impact: Exposure of system information
Where: From remote

Software: Microsoft Internet Explorer 6

Description:
Jelmer has discovered a vulnerability in Internet Explorer, allowing
malicious sites to detect the presence of local files.

The problem is that a vbscript can cause Internet Explorer to report
different error messages depending on whether a file specified in a
form exists or not. This could be exploited to determine the presence
of specific programs or data.

This is a variant of older vulnerabilities reported to affect previous
versions of Internet Explorer.

The vulnerability has been confirmed in version 6.0 SP1 with all
patches applied.

Solution:
Disable active scripting except for trusted sites.
-

Ejem, ejem...ejem...


Ille Corvus. Hic et Nunc.

Meritorios de Filtrado (Kill-file):
jm tella llop (2003.10.25)
 

Leer las respuestas

#1 Javier Inglés [MS MVP]
09/02/2004 - 19:43 | Informe spam
Oye Ille, cuándo me vas a resolver mi duda??? Me tienes en ascuas :-)

Javier Inglés
MS-MVP

:
<<<QUITAR "NOSPAM" PARA MANDAR MAIL>>>

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho


"Ille Corvus" escribió en el mensaje news:
-
http://www.secunia.com/advisories/10820/

Internet Explorer File Identification Variant

Secunia Advisory: SA10820
Release Date: 2004-02-09

Critical: Not critical
Impact: Exposure of system information
Where: From remote

Software: Microsoft Internet Explorer 6

Description:
Jelmer has discovered a vulnerability in Internet Explorer, allowing
malicious sites to detect the presence of local files.

The problem is that a vbscript can cause Internet Explorer to report
different error messages depending on whether a file specified in a
form exists or not. This could be exploited to determine the presence
of specific programs or data.

This is a variant of older vulnerabilities reported to affect previous
versions of Internet Explorer.

The vulnerability has been confirmed in version 6.0 SP1 with all
patches applied.

Solution:
Disable active scripting except for trusted sites.
-

Ejem, ejem...ejem...


Ille Corvus. Hic et Nunc.

Meritorios de Filtrado (Kill-file):
jm tella llop (2003.10.25)

Preguntas similares