- Denial of service in HP StorageWorks Secure Path for Windows -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
MADRID, April 27 2006 - HP has reported a vulnerability in HP StorageWorks Secure Path for Windows. The company has not offered information about the problem, and all that is known is that it lies in the HP StorageWorks Secure Path 4 for Windows agent, potentially allowing a remote attacker to crash the service.
HP has provided an update under the name Secure Path for Windows v4.0C-SP2, available at: http://h20000.www2.hp.com/bizsupport/TechSupport/ProductRoot.jsp
To download this update, select the option "Download Drivers and Software", find "HP StorageWorks Secure Path for Windows" in "Search products", choose "HP StorageWorks Secure Path for Windows" from the list of results, choose an operating system from the list, and finally, select "Recommended Patch - Secure Path for Windows v4.0C-SP2", to download the patch.
The original HP advisory is available at:
Internet Explorer "mhtml:" Redirection Disclosure of Sensitive Information
Affected Software: Microsoft Internet Explorer 6.x
codedreamer has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.
The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site.
Secunia has constructed a test, which is available at:
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.
Solution: Disable active scripting support.