Release DateMay 14, 2007 |
Severitymedium |
ImpactSystem Compromise: Remote attackers can gain control of the vulnerable system. |
DescriptionThis indicates an attack attempt against a cross-site scripting vulnerabilityin Microsoft Internet Explorer. A vulnerability has been reported in IE that may allow an attacker to execute arbitrary script. This is possible because the vulnerable browser fails to properly sanitize the the argument of res: URI to navcancl.htm. An attacker may include malicious script by supplying an injection string through the URL. |
Affected ProductsMicrosoft Internet Explorer 7. |
Recommended ActionsApply the patch supplied by the vendor. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-1752CVE-2007-1499 |
Reference/shttp://www.frsirt.com/english/advisories/2007/0946 (FrSIRT)http://www.securityfocus.com/bid/22966 (BugTraq) |
