Georgi Guninski has reported that a two year old vulnerability has been reintroduced in Microsoft Internet Explorer and can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to insufficient cross-site restrictions when handling XML documents in some situations. This can be exploited on e.g. a malicious web site to view well-formed XML documents on arbitrary servers in the context of a user's session.
Solution:
- Disable Active Scripting support.
- Use another browser.