SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Web Browser)  >   Microsoft Internet Explorer (IE) Vendors:   Microsoft
Microsoft Internet Explorer May Disclose Contents of the Temporary Internet Files Folder to Remote Users
SecurityTracker Alert ID:  1017374
SecurityTracker URL:  http://securitytracker.com/id/1017374
CVE Reference:   CVE-2006-5577, CVE-2006-5578   (Links to External Site)
Date:  Dec 12 2006
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.01 SP4, 6
Description:   A vulnerability was reported in Microsoft Internet Explorer. A remote user can obtain information from the Temporary Internet Files (TIF) folder on the target system.

A remote user can create specially crafted HTML that, when loaded and interacted with by the target user, will be able to retrieve files from the target user's TIF folder [CVE-2006-5577, CVE-2006-5578].

Internet Explorer 7 is not affected.

Microsoft credits Yorick Koster of ITsec Security Services with reporting one of these vulnerabilities.

Impact:   A remote user can obtain files from the target user's Temporary Internet Files folder.
Solution:   The vendor has issued the following fixes as part of a cumulative update for Internet Explorer:

Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1D28E62C-09D3-4F38-BEA3-3FC501449D29

Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=3CFC32FC-85CA-4EDA-890D-5E359F5F0019

Microsoft Internet Explorer 6 for Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8B321744-B55E-4696-8B2C-B1D31672DA06

Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8D841D1B-D0B1-46AF-87BD-7DAA8C31AF39

Microsoft Internet Explorer 6 for Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=3E3A9693-D21B-4214-A16C-3FC22340E600

Microsoft Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems and Windows Server 2003 with SP1 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9E3F7A2C-BFE1-48C5-8A8A-64A06BCDF219

Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F56065CE-6D28-479B-80A7-E04022454DE9

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms06-072.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms06-072.mspx (Links to External Site)
Cause:   Access control error
Underlying OS:   Windows (2000), Windows (2003), Windows (XP)

Message History:   None.


 Source Message Contents

Date:  Tue, 12 Dec 2006 14:14:25 -0500
Subject:  Microsoft Security Bulletin MS06-072: Cumulative Security Update for Internet Explorer (925454)


http://www.microsoft.com/technet/security/bulletin/ms06-072.mspx

CVE-2006-5579
CVE-2006-5581
CVE-2006-5578
CVE-2006-5577
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC