Microsoft IE MHTML Redirection Local File Parsing (MhtRedirParsesLocalFile)

2003-11-25T00:00:00
ID OSVDB:3144
Type osvdb
Reporter OSVDB
Modified 2003-11-25T00:00:00

Description

Vulnerability Description

Microsoft Internet Explorer contains a flaw that allows remote attackers to parse files on a vulnerable system. The flaw is due to mishandling of content in the Mhtml_File_Uri if it's not found. In such a case, IE will check Original_Resource_Uri which can be pointed to a local file.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Microsoft Internet Explorer contains a flaw that allows remote attackers to parse files on a vulnerable system. The flaw is due to mishandling of content in the Mhtml_File_Uri if it's not found. In such a case, IE will check Original_Resource_Uri which can be pointed to a local file.

References:

Secunia Advisory ID:10289 Other Advisory URL: http://www.safecenter.net/UMBRELLAWEBV4/MhtRedirParsesLocalFile/MhtRedirParsesLocalFile-Content.htm Keyword: aka MhtRedirParsesLocalFile Keyword: 1stCleanRc ISS X-Force ID: 13845 Bugtraq ID: 9107