Secunia

A vulnerability has been identified in Internet Explorer, which exposes sensitive information to "msn.com" and "alexa.com".

While this is a known "feature" when the "Show Related Links" option is activated in Internet Explorer, there is a bug, so that Internet Explorer will keep transmitting the information to "msn.com" and "alexa.com" after "Show Related Links" has been de-activated. This occurs whenever "Ctrl+R" is used to reload a page.

To make matters worse, it has been confirmed that this behaviour also affects SSL enabled pages. One thing is that Microsoft has chosen to make a "feature", which reveals this information to "msn.com" and "alexa.com", but the fact that information, which was supposed to be protected by SSL and sent only to one site, is sent in plain text to a third party ("msn.com" and "alexa.com") is of great concern.

The data transmitted to "msn.com" and "alexa.com" is the complete URL. In some cases this could contain sensitive information such as username, password, session id, search string, "secret paths", and more.

The vulnerability has been confirmed for Internet Explorer 6 on Windows 2000 and Windows XP with all Service Packs and hotfixes.

It is Microsoft that controls who else than "msn.com" should receive this information. Microsoft could at any time choose to send this information to another party than "alexa.com".

Solution
The vulnerability has been fixed in Windows XP SP2.
Further details available in Customer Area

Provided and/or discovered by
Mike Shepherd

Changelog
Further details available in Customer Area

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area