MS.IE.NavCancel.HTM.XSS

Last Updated Date: Dec 22, 2009
Release Date: May 14, 2007
Severity: Medium
Impact: System Compromise: Remote attackers can gain control of the vulnerable system.
Description: This indicates an attack attempt against a cross-site scripting vulnerability in Microsoft Internet Explorer.

A vulnerability has been reported in IE that may allow an attacker to execute arbitrary script. This is possible because the vulnerable browser fails to properly sanitize the argument of the res: URI to navcancl.htm. An attacker may include malicious script by supplying an injection string through the URL.
Affected Products: Microsoft Internet Explorer 7.
Recommended Actions: Apply the patch supplied by the vendor.
Common Vulnerabilities and Exposures (CVE):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1752
References:
http://www.securityfocus.com/bid/22966 (BugTraq)
http://www.vupen.com/english/advisories/2007/0946 (FrSIRT)
Reference: VID-14557
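
The description above can be turned into a simple content check for proxy logs or saved HTML. The following is an added example, not the vendor's signature logic: it finds res: URIs that point at navcancl.htm and flags those whose argument decodes to markup or a script scheme. The assumption that the argument follows `?` or `#`, the marker heuristic, the module name in the samples, and the sample strings themselves are all constructed for illustration.

```python
import re
from urllib.parse import unquote

# res: URI targeting navcancl.htm; group 1 is the argument, assumed to follow '?' or '#'.
RES_NAVCANCL = re.compile(
    r"(?<![a-z])res://[^\s\"'?#]*navcancl\.htm([?#][^\s\"']*)?", re.I)
# Heuristic (assumption): a legitimate argument is a plain URL, so any HTML tag
# opener or a script scheme inside it is treated as suspicious.
SCRIPT_MARKERS = re.compile(r"<\s*[a-z/!]|(?:java|vb)script\s*:", re.I)


def fully_decode(text, max_rounds=3):
    """Undo nested percent-encoding, stopping once the text no longer changes."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def scan(text):
    """Return one finding per res: URI to navcancl.htm found in text."""
    findings = []
    for match in RES_NAVCANCL.finditer(text):
        argument = fully_decode(match.group(1) or "")
        findings.append({
            "uri": match.group(0),
            "argument": argument,
            "suspicious": bool(SCRIPT_MARKERS.search(argument)),
        })
    return findings


# Constructed sample inputs (not captured traffic).
SAMPLES = [
    'href="res://ieframe.dll/navcancl.htm#http://intranet.example/start"',
    'href="res://ieframe.dll/navcancl.htm#%3Cscript%3EPLACEHOLDER%3C/script%3E"',
    'href="RES://ieframe.dll/NavCancl.htm#%253Cscript%253EPLACEHOLDER"',
    'href="https://example.com/navcancl.htm#x"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", scan(sample))
```

The check stops reading an argument at the first quote or whitespace character and does not decode HTML entities, so it is a triage aid rather than a replacement for the vendor patch.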