Microsoft Internet Explorer XML redirect could be used to read files

ie-xml-redirect-read-files (9936) The risk level is classified as MediumMedium Risk

Description:

Microsoft Internet Explorer could allow a remote attacker to read files on another user's computer, caused by a vulnerability regarding the handling of XML file redirects. A remote attacker could create a malicious Web page that uses a file redirect to reference an external XML source, which could allow the attacker to view contents of remote XML files or portions of other files, if the path to the file on the targeted system is known.

Platforms Affected:

  • Microsoft, Internet Explorer 5.01 SP3
  • Microsoft, Internet Explorer 5.01 SP4
  • Microsoft, Internet Explorer 5.5 SP2
  • Microsoft, Internet Explorer 6
  • Microsoft, Internet Explorer 6 SP1
  • Microsoft, Windows 2000 SP3
  • Microsoft, Windows 2000 SP4
  • Microsoft, Windows 2003 Server x64
  • Microsoft, Windows 2003 Server SP1
  • Microsoft, Windows 2003 Server Itanium
  • Microsoft, Windows 2003 Server
  • Microsoft, Windows 2003 Server SP1 Itanium
  • Microsoft, Windows XP 2003 64-bit Itanium
  • Microsoft, Windows XP SP1 64-Bit Itanium
  • Microsoft, Windows XP SP2
  • Microsoft, Windows XP x64-Professional
  • Microsoft, Windows XP SP1

Remedy:

Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.

— OR —

Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.

Consequences:

Obtain Information

References: