CVE-2010-0488

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 5.01 SP4, 6, 6 SP1, and 7

Description The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. An information disclosure vulnerability exists in the way that Internet Explorer handles content using specific encoding strings when submitting data. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. This could allow an attacker to view content from the local computer or another browser window in another domain or Internet Explorer zone.

Recommendations For Microsoft Internet Explorer versions 5.01 SP4, 6, 6 SP1, and 7, consider restricting access to sensitive information and avoiding the use of specific encoding strings when submitting data as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.