MS09-023: Vulnerability in Windows Search Could Allow Information Disclosure (963093)
Medium Nessus Plugin ID 39345
SynopsisA vulnerability in Windows Search may lead to information disclosure.
DescriptionThe remote Windows host contains a version of Windows Search that has a flaw in the way it uses MSHTML (a.k.a. Trident) to render HTML content that could result in information disclosure. If an attacker can trick a user on the affected host into putting a specially crafted HTML file on the system or in an indexed mail box and get the user to perform a specific search, the issue could be leveraged to disclose information, forward user data to a third party, or access any data on the affected systems that was accessible to the logged-on user.
SolutionMicrosoft has released a set of patches for Windows XP and 2003.