JVN#63901692
Internet Explorer vulnerable to information disclosure
Overview
Internet Explorer contains an information disclosure vulnerability.
Products Affected
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
Description
Internet Explorer contains an issue in handling XML files, which may result in information disclosure.
Impact
If a user opens a specially crafted XML file as a local file, other local files may be disclosed.
Solution
Upgrade the software
Users of Windows 7 and later, and of Windows Server 2008 R2 and later, are advised to upgrade to Internet Explorer 10.
Apply a workaround
The following workaround may mitigate the effects of this vulnerability.
- Do not save untrusted files onto local disks.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2013.06.07
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | can be attacked over the Internet using packets | |
| Authentication | anonymous or no authentication (IP addresses do not count) | |
| User Interaction Required | the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file | |
| Exploit Complexity | little to no expertise and/or luck required to exploit (cross-site scripting). Expected to be the common response | |
Credit
Isayama Takayoshi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia | JVNDB-2013-000053 |