Secunia
Login
|
|
CVE Reference: CVE-2010-0255 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2010-0255 |
|
|
Description: Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448. |
|
|
CVE Status: Candidate |
|
|
References: OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7145 OSVDB 62156 MS http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx MISC http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag http://isc.sans.org/diary.html?n&storyid=8152 CONFIRM http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx http://www.microsoft.com/technet/security/advisory/980088.mspx http://support.avaya.com/css/P8/documents/100089747 CERT http://www.us-cert.gov/cas/techalerts/TA10-159B.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/509345/100/0/threaded BID 38055 38056 |
|
| Return to the previous page. |
