Content
(MS09-019) Microsoft Internet Explorer Cross-Domain Information Disclosure Vulnerability (969897)
- Type
- Logic error
- Impact of exploitation
- Information disclosure
- User Interaction
- user interaction is needed
- Attack Vector
- Information disclosure
- Rating
- Low
- CVE reference
- CVE-2009-1140,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Internet Explorer 5.01 SP4 Windows 2000 SP4,
- Internet Explorer 5.01,
- Internet Explorer 6 SP1 Windows 2000 SP4,
- Internet Explorer 6 SP1,
- Internet Explorer 6 Microsoft Windows Server 2003 SP1,
- Internet Explorer 6 Windows Server 2003 SP1,
- Internet Explorer 6 Windows Server 2003 SP1 Itanium,
- Internet Explorer 6 Windows Server 2003 SP2,
- Internet Explorer 6 Windows XP Professional X64 Edition SP2,
- Internet Explorer 6 Windows XP SP2,
- Internet Explorer 7,
- Internet Explorer 7 Windows Server 2003 SP2 Itanium,
- Internet Explorer 7 Windows 2000 SP4,
- Internet Explorer 7 Windows Vista SP1,
- Internet Explorer 7 Windows Vista X64 Edition SP1,
- Internet Explorer 7 Windows Server 2008 X64 Edition,
- Internet Explorer 7 Windows Server 2008 X32 Edition,
- Internet Explorer 7 Windows Server 2008 Itanium Edition,
- Internet Explorer 7 Windows XP SP2,
- Internet Explorer 7 Windows XP Professional X64 Edition SP2,
- Summary
- A vulnerability in Microsoft Internet Explorer may allow for the disclosure of sensitive information.
Tab Navigation
Description
A vulnerability in Microsoft Internet Explorer may allow for the disclosure of sensitive information. The flaw is specific to the method in which Internet Explorer caches certain data and erroronously allows for said cached content to be called, thereby bypassing Internet Explorer's domain restrictions. Exploitation can be achieved via a specially-crafted web page designed to target this issue.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-019) Microsoft Internet Explorer Cross-Domain Information Disclosure Vulnerability (969897)
- Signature identifier:
- 6744
- Release date:
- 6/9/2009
The Remedy V-Flash of 06/09/2009 will contain remedies for this issue. Windows Server 2008 is not supported.
- Release date:
- 6/10/2009
Additional Resources
Cumulative Security Update for Internet Explorer (969897)
http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx
All Information
Timeline -
6/9/2009
Vendor has provided a patch.
Description -
A vulnerability in Microsoft Internet Explorer may allow for the disclosure of sensitive information. The flaw is specific to the method in which Internet Explorer caches certain data and erroronously allows for said cached content to be called, thereby bypassing Internet Explorer's domain restrictions. Exploitation can be achieved via a specially-crafted web page designed to target this issue.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-019) Microsoft Internet Explorer Cross-Domain Information Disclosure Vulnerability (969897)
- Signature identifier:
- 6744
- Release date:
- 6/9/2009
The Remedy V-Flash of 06/09/2009 will contain remedies for this issue. Windows Server 2008 is not supported.
- Release date:
- 6/10/2009
Additional Resources
Additional Resources -
Cumulative Security Update for Internet Explorer (969897)
http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx
