An issue exists in the handling of HTTP redirects in the Microsoft XMLHTTP ActiveX component. When a server responds to an XMLHTTP request with a redirect, the XMLHTTP method will access the content at the location of the redirect without considering the URL protocol. If the redirect is to a file on the user's filesystem, the contents of the file will become available to the script code that invoked the ActiveX object. This could lead to a disclosure of sensitive information to remote attackers.
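The missing check described above, written as an added example (not Microsoft's code and not part of the original advisory): a redirect follower that resolves each `Location` header and refuses any hop whose scheme is not `http:` or `https:`. The function names, the transport interface, the `site.example` host and the sample responses are all assumptions constructed for illustration.

```javascript
// Added example: redirect handling that checks the target's URL scheme.
// All names, hosts and responses below are constructed for illustration.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const REDIRECT_CODES = new Set([301, 302, 303, 307, 308]);

// Resolve a Location header against the current URL and reject any target
// whose scheme is not a network scheme (for example file:).
function resolveRedirect(currentUrl, location) {
  const target = new URL(location, currentUrl); // handles relative Locations
  if (!ALLOWED_SCHEMES.has(target.protocol)) {
    throw new Error(`redirect to disallowed scheme ${target.protocol}`);
  }
  return target.href;
}

// Follow redirects using a caller-supplied transport (hypothetical interface:
// url -> { status, headers, body }), validating every hop before fetching it.
function fetchWithCheckedRedirects(url, transport, maxHops = 5) {
  let current = resolveRedirect(url, url); // validate the initial URL too
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = transport(current);
    if (!REDIRECT_CODES.has(res.status)) return { url: current, body: res.body };
    const location = res.headers.location;
    if (!location) throw new Error("redirect without Location header");
    current = resolveRedirect(current, location);
  }
  throw new Error("too many redirects");
}

// Constructed responses standing in for a remote server.
const SAMPLE_RESPONSES = {
  "http://site.example/data": { status: 302, headers: { location: "/v2/data" } },
  "http://site.example/v2/data": { status: 200, headers: {}, body: "<ok/>" },
  "http://site.example/redir": { status: 302, headers: { location: "file:///C:/placeholder.txt" } },
};
const sampleTransport = (url) => {
  const res = SAMPLE_RESPONSES[url];
  if (!res) throw new Error(`transport asked for unexpected URL ${url}`);
  return res;
};
```

Because the scheme is checked before the transport is called, the local target is never opened; the same-origin relative redirect in the sample data is still followed.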