Internet Explorer contains a flaw that may allow a malicious user to access documents served from another web site. The issue is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. It is possible that the flaw may allow a malicious website to access properties of a site in an arbitrary external domain in the context of the victim user's browser resulting in a loss of confidentiality.

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

• Security Tracker: 1016005
• Bugtraq ID: 17717
• Secunia Advisory ID: 19738 22477 25639
• CVE ID: 2006-2111 (see also: NVD)
• SCIP VulDB ID: 2191
• Related OSVDB ID: 35346
• Microsoft Knowledge Base Article: 929123
• VUPEN Advisory: ADV-2006-1558
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0574.html
• News Article: http://news.yahoo.com/s/pcworld/20061019/tc_pcworld/127564
  http://www.informationweek.com/news/showArticle.jhtml?articleID=199902337
  http://www.theinquirer.net/default.aspx?article=35210
• Generic Exploit URL: http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/
• Vendor URL: http://www.microsoft.com/windows/ie/default.mspx
• Microsoft Security Bulletin: MS07-034

• codedreamer