
MS.IE.NavCancel.HTM.XSS

Release Date

May 14, 2007

Severity

medium

Impact

System Compromise: Remote attackers can gain control of the vulnerable system.

Description

This indicates an attack attempt against a cross-site scripting vulnerability in Microsoft Internet Explorer.

A vulnerability has been reported in IE that may allow an attacker to execute arbitrary script. This is possible because the vulnerable browser fails to properly sanitize the argument of the res: URI to navcancl.htm. An attacker may include malicious script by supplying an injection string through the URL.
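
As an added example (not part of the original advisory or the vendor's signature), the check below flags proxy or web log lines that contain a res: URI to navcancl.htm whose argument carries script markers once percent-encoding is removed. The log layout, the marker list, the placeholder module.dll and the rule that the argument follows '#' or '?' are assumptions.

```python
import re
from urllib.parse import unquote

# A res: URI whose resource is navcancl.htm; the module name is left open.
RES_NAVCANCL = re.compile(r"res://[^\s#?]+/navcancl\.htm", re.I)
# Script markers checked in the argument (illustrative, not exhaustive).
SCRIPT_MARKERS = re.compile(r"<\s*script|javascript\s*:|vbscript\s*:", re.I)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return 'alert', 'review' or None for one whitespace-delimited log line."""
    verdict = None
    for field in line.split():
        text = decode_fully(field)
        match = RES_NAVCANCL.search(text)
        if not match:
            continue
        # Assumption: the argument is whatever follows '#' or '?' after navcancl.htm.
        argument = text[match.end():]
        if argument.startswith(("#", "?")) and SCRIPT_MARKERS.search(argument):
            return "alert"
        verdict = "review"  # res: URI to navcancl.htm seen, no script marker
    return verdict


# Constructed sample lines; module.dll and the hosts are placeholders.
SAMPLES = [
    "10.0.0.5 GET http://intranet.example/index.html 200",
    "10.0.0.7 GET http://site.example/r?u=res%3A%2F%2Fmodule.dll%2Fnavcancl.htm"
    "%23%253Cscript%253EPLACEHOLDER%253C%2Fscript%253E 200",
    "10.0.0.9 GET res://module.dll/navcancl.htm#http://intranet.example/ 200",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "|", sample)
```

A "review" verdict marks a res: URI to navcancl.htm reaching the logs without a script marker, which is still worth a look when the link arrived from an external page.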

Affected Products

Microsoft Internet Explorer 7.

Recommended Actions

Apply the patch supplied by the vendor.

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2007-1752
CVE-2007-1499

Reference/s

http://www.frsirt.com/english/advisories/2007/0946 (FrSIRT)
http://www.securityfocus.com/bid/22966 (BugTraq)

Reference: VID-14557