Skip to main content

Microsoft Internet Explorer Information Disclosure Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 4 Feb 2010 5367 Views

RISK: Medium Risk

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to access files with an already known filename and location.

The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.


Impact

  • Information Disclosure

System / Technologies affected

  • Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Internet Explorer 5.01
  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8

Solutions

There is no patch available for this vulnerability currently.

    Workaround :
  • Enable Protected Mode in Internet Explorer on Windows Vista and later limits the impact of the vulnerability
  • Set the security level for the Internet and Local Intranet zone in Internet Explorer to "High"


Vulnerability Identifier


Source


Related Link