Info

Disclosure

Apr 28, 2006

Discovery

Unknown

Dates

Exploit

Apr 28, 2006

Solution

Jul 06, 2007

Description

Internet Explorer contains a flaw that may allow a malicious user to access documents served from another web site. The issue is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. It is possible that the flaw may allow a malicious website to access properties of a site in an arbitrary external domain in the context of the victim user's browser resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Microsoft Corporation	Internet Explorer	6.0
		7.0

References

Security Tracker: 1016005
Bugtraq ID: 17717
Secunia Advisory ID: 19738 22477 25639
CVE ID: 2006-2111 (see also: NVD)
SCIP VulDB ID: 2191
Related OSVDB ID: 35346
Microsoft Knowledge Base Article: 929123
VUPEN Advisory: ADV-2006-1558
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0574.html
News Article: http://news.yahoo.com/s/pcworld/20061019/tc_pcworld/127564
http://www.informationweek.com/news/showArticle.jhtml?articleID=199902337
http://www.theinquirer.net/default.aspx?article=35210
Generic Exploit URL: http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/
Vendor URL: http://www.microsoft.com/windows/ie/default.mspx
Microsoft Security Bulletin: MS07-034

Credit

codedreamer -

Direct URL: http://osvdb.org/25073

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit