[security-alerts] FW: [SA20825] Internet Explorer Information Disclosure and HTA Application Execution

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> TITLE:
> Internet Explorer Information Disclosure and HTA Application
> Execution
> 
> SECUNIA ADVISORY ID:
> SA20825
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/20825/
> 
> CRITICAL:
> Less critical
> 
> IMPACT:
> Exposure of sensitive information, System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Microsoft Internet Explorer 6.x
> http://secunia.com/product/11/
> 
> DESCRIPTION:
> Plebo Aesdi Nael has discovered two vulnerabilities in Internet
> Explorer, which can be exploited by malicious people to disclose
> potentially sensitive information and potentially compromise a user's
> system.
> 
> 1) An error in the handling of redirections can be exploited to
> access documents served from another web site via the
> "object.documentElement.outerHTML" property.
> 
> Secunia has constructed a test, which is available at:
> http://secunia.com/internet_explorer_information_disclosure_vu
> lnerability_test/
> 
> 2) An error in the handling of file shares can be exploited to trick
> a user into executing a malicious HTA application via directory
> traversal attacks in the filename.
> 
> Successful exploitation requires some user interaction.
> 
> The vulnerabilities have been confirmed on a fully patched system
> with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other
> versions may also be affected.
> 
> SOLUTION:
> 1) Disable Active Scripting support.
> 
> 2) Filter Windows file sharing traffic.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Plebo Aesdi Nael
> 
> ORIGINAL ADVISORY:
> http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/0
> 47398.html
>