Info

Disclosure

Aug 08, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 08, 2006

Description

Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user accesses a web page that contains a malicious script that persists across navigation between pages, which will disclose window location of visited web pages in other domains resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Microsoft has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): Disable active scripting.

Products

Microsoft Corporation	Internet Explorer	5.0x
		6.0
		6.0 SP1

References

Security Tracker: 1016663
Bugtraq ID: 19339
CVE ID: 2006-3640 (see also: NVD)
Secunia Advisory ID: 21396
Related OSVDB ID: 27851 27852 27853 27854 27855
Microsoft Knowledge Base Article: 918899
VUPEN Advisory: ADV-2006-3212
Keyword: aka "Window Location Information Disclosure Vulnerability."
News Article: http://www.techworld.com/security/news/index.cfm?newsID=6581
Microsoft Security Bulletin: MS06-042

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/27850

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit