Now, that didn’t take long, did it…?

Internet Explorer 7 “mhtml:” Redirection Information Disclosure

Secunia Advisory: SA22477
Release Date: 2006-10-19

Less critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: Microsoft Internet Explorer 7.x

A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error in the handling of redirections for URLs with the “mhtml:” URI handler. This can be exploited to access documents served from another web site.
