Well, here we are again. A few weeks after Microsoft pushed out a critical patch to all versions of Internet Explorer, Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies provided details of another attack against the beleaguered browser. This time, an attacker “may be able to access files with an already known file name and location.” If that sounds a bit scary, it should. It falls into a class of attacks called “Local File Disclosure” and can be exploited by sending the victim to a malicious site at attempts to access files stored on your computer. The attacks leverage different design features of Internet Explorer that can be combined to do serious damage. Secunia has rated this as “Moderately critical“
So what versions are vulnerable this time? Basically all versions of IE on Windows 2000, Windows XP, and Windows 2003 Server (with Enhanced Security Configuration disabled). Protected Mode – a feature of Internet Explorer on Vista, Windows 7, and Windows 2008, prevents the attack from succeeding.
The Microsoft Security Advisory (980088) does contain a few workarounds for those stuck on a vulnerable platform:
- Disable Active Scripting for the Internet Zone
- Enable Network Protocol Lockdown for the file:// protocol (Windows XP only)
So far there are no known attacks in the wild, but we recommend that you take steps to protect your computers if using a vulnerable version.