Description:
Two vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to disclose sensitive information.
1) An error in URLMON when handling redirections can be exploited to bypass domain restrictions and disclose the content of arbitrary local files.
This is related to vulnerability #1 in:
SA35362 2) An error when handling the "data" parameter of a dynamically created object can be exploited to disclose the content of arbitrary local files.
Successful exploitation of the vulnerabilities requires that the full path to a target file is known prior to the attack.
The vulnerabilities are reported in Internet Explorer 5.01, 6, 7, and 8.