>> Microsoft Internet Explorer Information Disclosure and HTA File Execution Vulnerabilities
Title : Microsoft Internet Explorer Information Disclosure and HTA File Execution Vulnerabilities VUPEN ID : VUPEN/ADV-2006-2553 CVE ID : CVE-2006-3280 - CVE-2006-3281
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-06-27
Technical Description
Two vulnerabilities have been identified in Microsoft Internet Explorer, which could be exploited by attackers to bypass security restrictions or execute arbitrary commands.
The first issue is due to an origin validation error when handling the "object.documentElement.outerHTML" property, which could be exploited by remote attackers to read content and data served from another domain in the context of a malicious web page.
The second vulnerability is due to an error when handling directories with CLSID extensions, which could be exploited by attackers to trick a user into executing a malicious HTA file via a specially crafted web page or file share.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
