Signature Detail

HTTP: Microsoft Internet Explorer URI Redirection Security Bypass

A security bypass vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a design error when performing redirection of the Successful exploitation would result in disclosure of arbitrary files on the affected client system and being rendered as HTML content thereby executing any script content they might contain.

Extended Description

Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Affected Products

• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 4
• Avaya Messaging Application Server 5
• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.0.1 SP3
• Microsoft Internet Explorer 5.0.1 SP4
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Internet Explorer 7.0
• Microsoft Internet Explorer 8

References

• BugTraq: 38055
• CVE: CVE-2010-0555
• CVE: CVE-2010-0255