IE Vulnerability Could Allow Information Disclosure
A new Microsoft Security Advisory (here) warns of a new security vulnerability for people using IE with Windows XP or who have disabled Internet Explorer Protected Mode. Protected Mode prevents exploitation of this vulnerability and is running by default on Windows Vista, Windows 7 and Windows Server 2008.
A new Microsoft Security Advisory (here) warns of a new security vulnerability for people using IE with Windows XP or who have disabled Internet Explorer Protected Mode. Protected Mode prevents exploitation of this vulnerability and is running by default on Windows Vista, Windows 7 and Windows Server 2008.
Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location. These versions include Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2.
