Signature Detail

HTTP: Internet Explorer Cross Domain Information Disclosure (CVE-2009-1140)

This signature detects attempts to exploit a known vulnerability against Internet Explorer. An attacker could create a malicious Web page that can bypass the security zone restriction in Internet Explorer. A successful attack allows the attacker to have read access to all contents in the local machine without prompts.

Extended Description

Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or may aid in further attacks.

Affected Products

• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.0.1 SP3
• Microsoft Internet Explorer 5.0.1 SP4
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Internet Explorer 7.0

References

• CVE: CVE-2009-1140