Microsoft Internet Explorer Multiple Vulnerabilities

Last Update Date: 14 Dec 2011 14:53 Release Date: 14 Dec 2011 4586 Views

RISK: High Risk

TYPE: Clients - Browsers

XSS Filter Information Disclosure Vulnerability
An information disclosure vulnerability exists in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that contains malicious JavaScript code. An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.
Internet Explorer Insecure Library Loading Vulnerability
A remote code execution vulnerability exists in the way that Internet Explorer handles the loading of DLL files. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Content-Disposition Information Disclosure Vulnerability
An information disclosure vulnerability exists in Internet Explorer that could allow an attacker to force the browser to perform unexpected actions when a user downloads Web content, allowing an attacker to view content from a different domain or Internet Explorer zone other than the domain or zone of the attacker's Web page.