A vulnerability has been identified in Internet Explorer allowing malicious HTML documents such as web sites to see which components are installed.
The problem is that Internet Explorer is supposed to allowed certain components to be detected from remote, however, any component and its version can be detected by quering the CLSID using the functions "getComponentVersion" and "isComponentInstalled".
This could be exploited to learn if any vulnerable components are installed.
The vulnerability has been reported in Internet Explorer 6.0.2800.1106. Other versions may also be affected.
Solution: Disable Active Scripting, except for trusted sites.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Microsoft Internet Explorer Exposure of Installed Components
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.