An error in the handling of redirections can be exploited to access documents served from another web site via the "object.documentElement.outerHTML" property.

Please use the test below, to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable.

The test will try to read content from http://www.google.com/ in the context of your browser.

Start the test:



Result (The result of the test will be displayed below)



Credits
The test is based on Proof of Concept code by Plebo Aesdi Nael.

Please view the Secunia advisory below for information about how you can fix or mitigate the impact of this vulnerability. Secunia will continuously update the Secunia advisory when more information becomes available.

- SA20825 Internet Explorer Information Disclosure and HTA Application Execution

Companies have the option of requesting a Secunia account for immediate notification when a patch is released by Microsoft.

Request Secunia Account

In order to protect yourself, it is a very good idea to stay informed about the latest threats from vulnerabilities in the software you are using.

Secunia offers a free weekly newsletter, which covers the latest threats from vulnerabilities.

To sign-up for the Secunia Weekly Summary, please enter your email address in the field below and submit the form:

Email Address: