---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. http://secunia.com/secunia_security_specialist/ ---------------------------------------------------------------------- TITLE: Internet Explorer File Upload Form Keystroke Event Cancel Vulnerability SECUNIA ADVISORY ID: SA20449 VERIFY ADVISORY: http://secunia.com/advisories/20449/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 6.x http://secunia.com/product/11/ DESCRIPTION: A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to trick users into disclosing sensitive information. For more information: SA20442 The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected. SOLUTION: Disable Active Scripting support. Do not enter suspicious text when visiting untrusted web sites. OTHER REFERENCES: SA20442: http://secunia.com/advisories/20442/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------