Vigil@nce - Windows Essentials: information disclosure via Proxy
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious url with
Windows Essentials Writer, to edit the proxy configuration, in
order to obtain sensitive information.
– Impacted products: Windows 2008, Windows 7, Windows 8, Windows
Vista, Windows XP
– Severity: 2/4
– Creation date: 15/05/2013
DESCRIPTION OF THE VULNERABILITY
The Windows Essentials software suite contains Writer to publish
blog messages. A proxy can be configured to access to the internet.
An attacker can invite the victim to open a malicious url with
Windows Essentials Writer, to edit the proxy configuration, in
order to obtain sensitive information.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-Essentials-information-disclosure-via-Proxy-12823