JVN#63901692
Internet Explorer vulnerable to information disclosure
Overview
Internet Explorer contains an information disclosure vulnerability.
Products Affected
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
Description
Internet Explorer contains an issue in handling XML files, which may result in information disclosure.
Impact
If a user opens a specially crafted XML file as a local file, other local files may be disclosed.
Solution
Upgrade the software
Users of Windows 7 and later, Windows Server 2008 R2 and later, are recommended to upgrade to Internet Explorer 10.
Apply a workaround
The following workaround may mitigate the affects of this vulnerability.
- Do not save untrusted files onto local disks.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2013.06.07
Measures | Conditions | Severity |
---|---|---|
Access Required | can be attacked over the Internet using packets |
|
Authentication | anonymous or no authentication (IP addresses do not count) |
|
User Interaction Required | the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file |
|
Exploit Complexity | little to no expertise and/or luck required to exploit (cross-side scripting).Expected to be the common response |
|
Credit
Isayama Takayoshi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
|
JVN iPedia |
JVNDB-2013-000053 |