• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer Header Handling 'res://' Information Disclosure Vulnerability

Bugtraq ID:	28667
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 07 2008 12:00AM
Updated:	Apr 08 2008 03:58AM
Credit:	0x000000 # The Hacker Webzine
Vulnerable:	Microsoft Internet Explorer 7.0.5730 .11 Microsoft Internet Explorer 7.0 beta3 Microsoft Internet Explorer 7.0 beta2 Microsoft Internet Explorer 7.0 beta1 Microsoft Internet Explorer 7.0 + 3DM Software Disk Management Software SP2 + Microsoft Windows Server 2003 Itanium SP2 + Microsoft Windows Server 2003 x64 SP2 + Microsoft Windows Server 2008 for 32-bit Systems SP2 + Microsoft Windows Server 2008 for 32-bit Systems 0 + Microsoft Windows Server 2008 for Itanium-based Systems SP2 + Microsoft Windows Server 2008 for Itanium-based Systems 0 + Microsoft Windows Server 2008 for x64-based Systems SP2 + Microsoft Windows Server 2008 for x64-based Systems 0 + Microsoft Windows Vista Ultimate + Microsoft Windows Vista Ultimate + Microsoft Windows Vista Ultimate + Microsoft Windows Vista Ultimate + Microsoft Windows Vista SP2 + Microsoft Windows Vista SP1 + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Business + Microsoft Windows Vista Business + Microsoft Windows Vista Business + Microsoft Windows Vista Business + Microsoft Windows Vista Business + Microsoft Windows Vista Business + Microsoft Windows Vista 0 + Microsoft Windows Vista 0 + Microsoft Windows Vista 0 + Microsoft Windows Vista 0 + Microsoft Windows Vista 0 + Microsoft Windows Vista 0 + Microsoft Windows Vista x64 Edition SP2 + Microsoft Windows Vista x64 Edition SP1 + Microsoft Windows Vista x64 Edition 0 + Microsoft Windows XP Embedded SP3 + Microsoft Windows XP Home SP3 + Microsoft Windows XP Media Center Edition SP3 + Microsoft Windows XP Professional SP3 + Microsoft Windows XP Professional x64 Edition SP2 + Microsoft Windows XP Tablet PC Edition SP3
Not Vulnerable:	Microsoft Internet Explorer 8 Beta 1