Oval Definition:	oval:org.mitre.oval:def:7840
Revision Date: 2014-08-18 Version: 47 Title: Post Encoding Information Disclosure Vulnerability Description: Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2010-0488 Platform(s): Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Product(s): Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Definition Synopsis Internet Explorer 5.01 Service Pack 4 on Windows 2000 Microsoft Windows 2000 is installed AND Microsoft Internet Explorer 5.01 SP4 is installed AND Mshtml.dll version is less than 5.0.3886.1900 OR Internet Explorer 6 on Windows 2000 - RTMGDR Microsoft Windows 2000 is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2800.1646 OR Internet Explorer 6 on XP x86 Microsoft Windows XP (32-bit) is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.3676 OR Internet Explorer 6 on XP x86 Microsoft Windows XP (32-bit) is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.5945 OR Internet Explorer 6 on XP x64, Server 2003 x86/x64/ia64 XP x64/server 2003 x86/x64/ia64 Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.3790.4672 OR Internet Explorer 7 on XP x86/x64 - GDR XP x86/x64 Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6000.16000 AND Mshtml.dll version is less than 7.0.6000.17023 OR Internet Explorer 7 on XP x86/x64 - QFE XP x86/x64 Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21228 OR Internet Explorer 7 on Server 2003 x86/x64/ia64 - GDR Server 2003 x86/x64/ia64 Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6000.16000 AND Mshtml.dll version is less than 7.0.6000.17023 OR Internet Explorer 7 on Server 2003 x86/x64/ia64 - QFE Server 2003 x86/x64/ia64 Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21228 OR Internet Explorer 7 on Vista x86/x64 - GDR Vista x86/x64 Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6000.16000 AND Mshtml.dll version is less than 7.0.6000.17037 OR Internet Explorer 7 on Vista x86/x64 - LDR Vista x86/x64 Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21242 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 - GDR Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6001.16000 AND Mshtml.dll version is less than 7.0.6001.18444 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 - LDR Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6001.20000 AND Mshtml.dll version is less than 7.0.6001.22653 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 - GDR Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6002.18000 AND Mshtml.dll version is less than 7.0.6002.18226 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 - LDR Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6002.22000 AND Mshtml.dll version is less than 7.0.6002.22360
BACK