A security bypass vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a design error when performing redirection of the file:// URIs in a web page. Remote attackers can exploit this vulnerability by pursuing target users to visit a maliciously crafted web page.

Successful exploitation would result in disclosure of arbitrary files on the affected client system and being rendered as HTML content thereby executing any script content they might contain.

• Microsoft Internet Explorer (5.01, 6.0, 7.0, 8)

• Access vector is NETWORK
• Access complexity is MEDIUM
• Level of authentication required is NONE
• Impact of this vulnerability on data confidentiality is PARTIAL
• Impact of this vulnerability on data integrity is NONE
• Impact of this vulnerability on data availability is NONE

• The exploitability level of this vulnerability is UNPROVEN
• The remediation level of this vulnerability is UNAVAILABLE
• The report confidence level of this vulnerability is CONFIRMED