Bink.nu Services

Subscribe to our feed 

 


Order Now!

Windows 7 for XP Professionals
Updating Support Skills from XP to Windows 7
by Bink.nu's Raymond Comvalius

Who is online

There are 68 guest(s) online.

There are 0 member(s) online.

Sponsors



Popular Tags

Archives

Internet Explorer 7 minor vulnerability discovered: "mhtml:" Redirection Information Disclosure
Posted by Steven Bink October 19, 2006 10:00 AM with 5 comment(s)
Filed under:
A "less critical" vulnerability has been discovered in Internet Explorer 7, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site.

Secunia has constructed a test, which is available at:
http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/

Secunia has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected.

Solution:
Disable active scripting support.

Other References:
SA19738:
http://secunia.com/advisories/19738/
Send via e-mail | Submit to Digg | Add to Live Favorites
4996 Views
Source: secunia.com

Comments

 

RanMay said:

OMG, Secunia! That's quite a catch! I don't know how to live now, my sweet totally unbiased Ikea-freaks. I guess I'll go spread FireFox now, isn't that the message of the whole bloody site?

Always hated those idiots, never gave a useful vulnerabilty report, always picking on little this and that and catching majors from serious people. [8o|]DoS to zealots![8o|]

October 19, 2006 12:12 PM
 

bartm said:

In vista RC2 the vulnerability does not work :)
October 19, 2006 12:21 PM
 

xper said:

Ikea freaks? Secunia is Danish based company. Ikea is Swedish.
October 19, 2006 2:09 PM
 

RanMay said:

My bad, xper, had to do some smack talk though [:)]
October 19, 2006 3:01 PM
 

RetroGoth said:

According to their test thing, Internet Explorer 6 is also affected.  However, judging by the other comments, should I be worried at all?
October 19, 2006 8:01 PM

About Steven Bink

Founder of Bink.nu
Powered By IIS 7 Powered by ASP.NET
Bink.nu 3.0. Copyright © 1999-2012 Steven Bink. All Rights Reserved.
Microsoft and Microsoft logo's are trademarks of Microsoft Corporation.