Microsoft IE Iframe Folder Delete Weakness

2006-02-28T08:02:35
ID OSVDB:23608
Type osvdb
Reporter cyber flash()
Modified 2006-02-28T08:02:35

Description

Vulnerability Description

Microsoft IE contains a flaw that may allow a malicious user to trick users into performing certain actions on local resources. The issue is triggered when network shares are included in an iframe occurs. It is possible that the flaw may allow an attacker to trick users into performing certain actions on local folders and files resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Microsoft IE contains a flaw that may allow a malicious user to trick users into performing certain actions on local resources. The issue is triggered when network shares are included in an iframe occurs. It is possible that the flaw may allow an attacker to trick users into performing certain actions on local folders and files resulting in a loss of confidentiality.

References:

Secunia Advisory ID:19057