FrSIRT - Microsoft Products "mhtml" Cross Domain Information Disclosure Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Microsoft Products "mhtml" Cross Domain Information Disclosure Vulnerability

Title : Microsoft Products "mhtml" Cross Domain Information Disclosure Vulnerability
Advisory ID : FrSIRT/ADV-2006-1558
CVE ID : CVE-2006-2111
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-04-27

Advisory Details

Description

Affected Products

Solution

Technical Description

A vulnerability has been identified in Microsoft Internet Explorer and Outlook Express, which could be exploited by remote attackers to bypass security restrictions and gain knowledge of sensitive information. This flaw is due to an origin validation error when handling "mhtml:" URL redirections, which could be exploited by remote attackers to read content and data served from another domain in the context of a malicious web page [...]

Solution

Disable Active Scripting in the Internet and Local intranet security zones :

- In Internet Explorer, click Internet Options on the Tools menu
- Click the Security tab
- Click Internet, and then click Custom Level
- Under Settings, in the Scripting section, under Active Scripting, click Disable, and then click OK
- Click Local intranet, and then click Custom Level
- Under Settings, in the Scripting section, under Active Scripting, click Disable, and then click OK
- If you are prompted to confirm that you want to change these settings, click Yes
- Click OK to return to Internet Explorer

Note : Disabling Active Scripting may cause some Web sites to work incorrectly.

FrSIRT is not aware of any vendor-supplied patch.

Credits

Vulnerability reported by codedreamer

ChangeLog

2006-04-27 : Initial release
2006-10-19 : Updated Affected Products

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Sun Solaris ACL UFS File Systems Denial of Service Vulnerability
	Sun Solaris Text Editors Tag Files Local Code Execution Vulnerability
	Sun Management Center Remote Denial of Service Vulnerability
	Sun Solaris Bzip2 Archive Handling Denial of Service Vulnerability
	Sun Solaris GNU Tar Headers Handling Buffer Overflow Vulnerability
	Sun Solaris Covert Channel Local Security Bypass Vulnerability
	Sun Solaris NFS RPC Zone Denial of Service Vulnerability

	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities
	Apple iTunes Driver Integer Overflow Privilege Escalation Vulnerability
	Apple iPod touch Code Execution and Security Bypass Vulnerabilities
	Apple Bonjour for Windows DNS Spoofing and DoS Vulnerabilities

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities