An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error when content is rendered from local files in such a manner that exposes information to malicious websites.

An attacker can exploit this vulnerability by enticing a user to download certain files and subsequently using those files to reveal information from the compromised host.

The vendor, Microsoft, has released information regarding this vulnerability, which is available at:

http://www.microsoft.com/technet/security/advisory/980088.mspx

• Microsoft Internet Explorer 5.01
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 7.0
• Microsoft Internet Explorer 8

• Access vector is NETWORK
• Access complexity is MEDIUM
• Level of authentication required is NONE
• Impact of this vulnerability on data confidentiality is PARTIAL
• Impact of this vulnerability on data integrity is NONE
• Impact of this vulnerability on data availability is NONE

• The exploitability level of this vulnerability is UNPROVEN
• The remediation level of this vulnerability is UNAVAILABLE
• The report confidence level of this vulnerability is CONFIRMED