Microsoft Internet Explorer Object Tag TIF Folder Information Disclosure Vulnerability

2006-12-12T00:00:00
ID SMNTC-21507
Type symantec
Reporter Symantec Security Response
Modified 2006-12-12T00:00:00

Description

Description

Microsoft Internet Explorer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may aid in further attacks.

Technologies Affected

  • Avaya Messaging Application Server
  • Avaya S8100 Media Servers
  • Avaya S8100 Media Servers R10
  • Avaya S8100 Media Servers R11
  • Avaya S8100 Media Servers R12
  • Avaya S8100 Media Servers R6
  • Avaya S8100 Media Servers R7
  • Avaya S8100 Media Servers R8
  • Avaya S8100 Media Servers R9
  • HP Storage Management Appliance 2.1
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.0.1
  • Microsoft Internet Explorer 5.0.1 SP1
  • Microsoft Internet Explorer 5.0.1 SP2
  • Microsoft Internet Explorer 5.0.1 SP3
  • Microsoft Internet Explorer 5.0.1 SP4
  • Microsoft Internet Explorer 5.0.1 SP4
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 6.0 SP1

Recommendations

Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources.

Set web browser security to disable the execution of script code or active content.
Since a successful exploit of this issue requires active scripting to be enabled, disable active scripting. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.

Microsoft has released a fix to address this issue. Please see the references for more information.