davidh
February 5th, 2010, 07:11 PM
Information Disclosure Vulnerability in Internet Explorer
Share |
Published: 2010-02-03,
Last Updated: 2010-02-04 02:54:07 UTC
by Johannes Ullrich (Version: 1)
8 comment(s)
Microsoft just publish KB Article 980088 [1] in response to the recently announced vulnerability in Internet Explorer. Microsoft confirms that it is possible for a malicious website to read files from the clients computer. All versions of Windows and Internet Explorer appear to be affected.
There is currently no patch for this problem. Microsoft advices users to set the Internet and Local Intranet security zone settings to "High". This will cause a prompt before running ActiveX Controlls and active scripting.
The attacker needs to know the file name. However, a typical target for this vulnerability would be a configuration file which is typically located at a predictable location.
[1] http://www.microsoft.com/technet/security/advisory/980088.mspx
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Setting Internet Zone security to high also happens to block file downloads in my Firefox. FWIW I am tempted to set it high anyway because I use other 3rd party apps that use MS IE "under the hood".
Share |
Published: 2010-02-03,
Last Updated: 2010-02-04 02:54:07 UTC
by Johannes Ullrich (Version: 1)
8 comment(s)
Microsoft just publish KB Article 980088 [1] in response to the recently announced vulnerability in Internet Explorer. Microsoft confirms that it is possible for a malicious website to read files from the clients computer. All versions of Windows and Internet Explorer appear to be affected.
There is currently no patch for this problem. Microsoft advices users to set the Internet and Local Intranet security zone settings to "High". This will cause a prompt before running ActiveX Controlls and active scripting.
The attacker needs to know the file name. However, a typical target for this vulnerability would be a configuration file which is typically located at a predictable location.
[1] http://www.microsoft.com/technet/security/advisory/980088.mspx
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Setting Internet Zone security to high also happens to block file downloads in my Firefox. FWIW I am tempted to set it high anyway because I use other 3rd party apps that use MS IE "under the hood".