[Japanese]

JVNDB-2010-000011

Internet Explorer information disclosure vulnerability

Overview

Internet Explorer contains an information disclosure vulnerability.

Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability.

Daiki Fukumori of Cyber Defense Institute Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products


Microsoft Corporation
  • Microsoft Internet Explorer 7
  • Microsoft Internet Explorer 6
  • Microsoft Internet Explorer 5.01

Impact

When a user opens specially crafted web page, an attacker may be able to obtain sensitive information.
Solution

[Update the software]
Apply the update according to the information provided by the developer.
Vendor Information

Microsoft Corporation
  • Microsoft Security Bulletin : MS10-018
CWE (What is CWE?)

  1. Information Exposure(CWE-200) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2010-0488
References

  1. JVN : JVN#49467403
  2. National Vulnerability Database (NVD) : CVE-2010-0488
  3. IPA SECURITY ALERTS : 20100331-ms10-018 (Japanese)
  4. US-CERT Cyber Security Alerts : SA10-089A
  5. US-CERT Technical Cyber Security Alert : TA10-089A
  6. SecurityFocus : 39028
  7. SecurityTracker : 1023773
  8. VUPEN Security : VUPEN/ADV-2010-0744
Revision History

[2010/04/08]
  Web page published