Intrusion Prevention

MS.IE.OuterHTML.Redirection.Handling.Information.Disclosure

Description

This indicates an attempt to exploit an Information Disclosure vulnerability in Microsoft Internet Explorer.
The vulnerability is located in the "outerHTML" property. It may allow attackers to access arbitrary websites in the context of a targeted user's browser session. This may allow attackers to perform actions in web applications with the privileges of exploited users or to gain access to potentially sensitive information.

Affected Products

Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1
Nortel Networks CallPilot 1002rp
Nortel Networks CallPilot 200i
Nortel Networks CallPilot 201i
Nortel Networks CallPilot 702t
Nortel Networks CallPilot 703t
Nortel Networks Centrex IP Client Manager
Nortel Networks Centrex IP Element Manager
Nortel Networks Contact Center - Agent Desktop Display
Nortel Networks Contact Center - Symposium Agent

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the latest update from the vendor.

Microsoft Internet Explorer 6.0 SP1:

Microsoft Cumulative Update for Internet Explorer 6 SP1 (KB918899)
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=C335CAA9-B9E6-403D-A039-2D3DCA723653

Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB918899)
Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=5C2A23AC-3F2E-4BEC-BE16-4B45B44C6346

Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB918899)
Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=0CE7F66D-4D83-4090-A034-9BBE286D96FA

Microsoft Internet Explorer 6.0:

Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB918899)
Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=20288DA2-A308-45C6-BD80-C68C997529BD

Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB918899)
Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=663F1E83-BDC0-4EC6-A263-398E7222C9B5

Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB918899)
Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=5C2A23AC-3F2E-4BEC-BE16-4B45B44C6346

Microsoft Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB918899)
Internet Explorer 6 for Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=CDB85BCA-0C17-44AA-B74E-F01B5392BB31

Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB918899)
Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=0CE7F66D-4D83-4090-A034-9BBE286D96FA

Microsoft Internet Explorer 5.0.1 SP4:

Microsoft Cumulative Update for Internet Explorer 5.01 Service Pack 4 (KB918899)
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?familyid=0DE3F143-19A6-4F22-B53B-B6A7DA33DAF4

CVE References

CVE-2006-3280