Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
Microsoft Internet Explorer Discloses Known Files to Remote Users
|
|
SecurityTracker Alert ID: 1023542 |
|
SecurityTracker URL: http://securitytracker.com/id/1023542
|
|
CVE Reference:
CVE-2010-0255
(Links to External Site)
|
Updated: Sep 15 2011
|
Original Entry Date: Feb 4 2010
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 5.01, 6, 6 SP1, 7, 8
|
Description:
A vulnerability was reported in Microsoft Internet Explorer. A remote user can access files on the target user's system.
A remote user can create specially crafted HTML that, when loaded by the target user, will access known files on the target user's system.
Systems running in Protected Mode are not affected.
The original advisory is available at:
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=Abusing_Insecure_Features_of_Internet_Explorer
Jorge Luis Alvarez Medina and Federico Muttis from Core Security Technologies reported this vulnerability.
|
Impact:
A remote user can access files on the target user's system.
|
Solution:
The vendor has issued a fix for IE 7 and IE 8 as part of a cumulative update.
Windows XP Service Pack 2 and Windows XP Service Pack 3, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=fc02fc7e-ee85-4377-b54c-012fa60a8c9c
Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=6c7cda29-161e-49b4-976a-c718c0aa11a0
Windows Server 2003 Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=f0187b69-3ed9-494c-89f1-90a35e22078c
Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=50b8ee2e-31f8-473d-83d1-822c89c28070
Windows Server 2003 with SP2 for Itanium-based Systems, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=123bf547-9005-451f-9eba-97a68037304e
Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=661c9528-917d-4df6-a330-c89f39dc5ce4
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=d9f5feb0-fa1a-40c1-9971-9b8af6f0b4a5
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=bed14484-7fc5-455d-b996-3192467543cc
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=a24554e8-213b-4c24-b062-ec424d64128e
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=dee5c0c0-b844-490d-8daf-6e6ec8a39e35
Windows XP Service Pack 2 and Windows XP Service Pack 3, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=9cff9aba-7743-4c33-87c7-37d06ed60a21
Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=37cd7533-ddad-4d0d-85c0-1491308e1ff8
Windows Server 2003 Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=ebab6101-fcf1-4842-b22d-893a20c1c10f
Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=87e13912-f861-4985-ab9d-260a5898dfd4
Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=640f9216-3e99-46b6-aac8-cd051eedad3c
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=3076d1ea-7716-4b54-8ec4-660374f14dcb
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=24ed08c7-a474-4458-8269-3b9de5e22385
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=cf84469b-ce6d-45e8-8336-7b4501c6cf91
Windows 7 for 32-bit Systems, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=5c835885-9375-4882-a92f-4d4cfcacc005
Windows 7 for x64-based Systems, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=5cfc5776-0c6b-4092-bc98-94df077c60d8
Windows Server 2008 R2 for x64-based Systems, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=7c4ff5ae-eadd-431e-b982-d5f179efb8c0
Windows Server 2008 R2 for Itanium-based Systems, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=52c04d85-911f-47be-852e-c9bb4934744d
A restart is required.
[Editor's note: On September 13, 2011, Microsoft reoffered the update for Microsoft Windows 2000 and Windows XP to correct a detection issue. Systems that have already been updated are not affected.]
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx
The vendor's original advisory is available at:
http://www.microsoft.com/technet/security/advisory/980088.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-035.mspx (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 04 Feb 2010 02:56:39 +0000
Subject: Microsoft Internet Explorer (IE)
|
http://www.microsoft.com/technet/security/advisory/980088.mspx
CVE-2010-0255
|
|
Go to the Top of This SecurityTracker Archive Page
|
