SecurityTracker.com
Category:   Application (Web Browser)  >   Microsoft Internet Explorer (IE)
Vendors:   Microsoft
Microsoft Internet Explorer Discloses Known Files to Remote Users
SecurityTracker Alert ID:  1023542
SecurityTracker URL:  http://securitytracker.com/id/1023542
CVE Reference:   CVE-2010-0255
Updated:  Sep 15 2011
Original Entry Date:  Feb 4 2010
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 5.01, 6, 6 SP1, 7, 8
Description:   A vulnerability was reported in Microsoft Internet Explorer. A remote user can access files on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will access known files on the target user's system.

Systems running in Protected Mode are not affected.

The original advisory is available at:

http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=Abusing_Insecure_Features_of_Internet_Explorer

Jorge Luis Alvarez Medina and Federico Muttis from Core Security Technologies reported this vulnerability.

Impact:   A remote user can access files on the target user's system.
Solution:   The vendor has issued a fix for IE 7 and IE 8 as part of a cumulative update.

Windows XP Service Pack 2 and Windows XP Service Pack 3, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=fc02fc7e-ee85-4377-b54c-012fa60a8c9c

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=6c7cda29-161e-49b4-976a-c718c0aa11a0

Windows Server 2003 Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=f0187b69-3ed9-494c-89f1-90a35e22078c

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=50b8ee2e-31f8-473d-83d1-822c89c28070

Windows Server 2003 with SP2 for Itanium-based Systems, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=123bf547-9005-451f-9eba-97a68037304e

Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=661c9528-917d-4df6-a330-c89f39dc5ce4

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=d9f5feb0-fa1a-40c1-9971-9b8af6f0b4a5

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=bed14484-7fc5-455d-b996-3192467543cc

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=a24554e8-213b-4c24-b062-ec424d64128e

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=dee5c0c0-b844-490d-8daf-6e6ec8a39e35

Windows XP Service Pack 2 and Windows XP Service Pack 3, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=9cff9aba-7743-4c33-87c7-37d06ed60a21

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=37cd7533-ddad-4d0d-85c0-1491308e1ff8

Windows Server 2003 Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=ebab6101-fcf1-4842-b22d-893a20c1c10f

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=87e13912-f861-4985-ab9d-260a5898dfd4

Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=640f9216-3e99-46b6-aac8-cd051eedad3c

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=3076d1ea-7716-4b54-8ec4-660374f14dcb

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=24ed08c7-a474-4458-8269-3b9de5e22385

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=cf84469b-ce6d-45e8-8336-7b4501c6cf91

Windows 7 for 32-bit Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=5c835885-9375-4882-a92f-4d4cfcacc005

Windows 7 for x64-based Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=5cfc5776-0c6b-4092-bc98-94df077c60d8

Windows Server 2008 R2 for x64-based Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=7c4ff5ae-eadd-431e-b982-d5f179efb8c0

Windows Server 2008 R2 for Itanium-based Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=52c04d85-911f-47be-852e-c9bb4934744d

A restart is required.

[Editor's note: On September 13, 2011, Microsoft reoffered the update for Microsoft Windows 2000 and Windows XP to correct a detection issue. Systems that have already been updated are not affected.]

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx

The vendor's original advisory is available at:

http://www.microsoft.com/technet/security/advisory/980088.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-035.mspx
Cause:   Access control error
Underlying OS:   Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Thu, 04 Feb 2010 02:56:39 +0000
Subject:  Microsoft Internet Explorer (IE)


http://www.microsoft.com/technet/security/advisory/980088.mspx

CVE-2010-0255
 
 



Copyright 2014, SecurityGlobal.net LLC