JVN#49467403
Internet Explorer information disclosure vulnerability
Overview
Internet Explorer contains an information disclosure vulnerability.
Products Affected
- Internet Explorer 7
- Internet Explorer 6
- Internet Explorer 5.01
Description
Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability.
Impact
When a user opens specially crafted web page, an attacker may be able to obtain sensitive information.
Solution
Update the software
Apply the update according to the information provided by the developer.
Vendor Status
References
JPCERT/CC Addendum
The security update for this vulnerability is contained in the Microsoft Security Bulletin MS10-018.Vulnerability Analysis by JPCERT/CC
Analyzed on 2010.04.07
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | Routed - can be attacked over the Internet using packets |
|
| Authentication | None - anonymous or no authentication (IP addresses do not count) |
|
| User Interaction Required | Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file |
|
| Exploit Complexity | Low-Medium - some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) |
|
Credit
Daiki Fukumori of Cyber Defense Institute Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE |
CVE-2010-0488 |
| JVN iPedia |
JVNDB-2010-000011 |