SecurityvulnsSECURITYVULNS:DOC:6964[SA12765] Microsoft Internet Explorer Disclosure of Sensitive XML Information
TITLE:
Microsoft Internet Explorer Disclosure of Sensitive XML Information
SECUNIA ADVISORY ID:
SA12765
VERIFY ADVISORY:
http://secunia.com/advisories/12765/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
>From remote
SOFTWARE:
Microsoft Internet Explorer 6
http://secunia.com/product/11/
Microsoft Internet Explorer 5.5
http://secunia.com/product/10/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/
DESCRIPTION:
Georgi Guninski has reported that a two year old vulnerability has
been reintroduced in Microsoft Internet Explorer and can be exploited
by malicious people to disclose potentially sensitive information.
The vulnerability is caused due to insufficient cross-site
restrictions when handling XML documents in some situations. This can
be exploited on e.g. a malicious web site to view well-formed XML
documents on arbitrary servers in the context of a user's session.
SOLUTION:
Disable Active Scripting support.
Use another browser.
PROVIDED AND/OR DISCOVERED BY:
Originally discovered by:
GreyMagic Software
Rediscovered by:
Georgi Guninski
ORIGINAL ADVISORY:
GreyMagic Software:
http://www.greymagic.com/security/advisories/gm009-ie/
Georgi Guninski:
http://www.guninski.com/where_do_you_want_billg_to_go_today_1.html
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.