MS.DHTML.Edit.Control.Cross.Domain.Script.Injection
Description
This indicates a possible exploit of a "DHTML Edit Control" cross domain vulnerability through Internet Explorer.
"DHTML Edit Control" supports dynamic web site editng by means of an HTML editor. A vulnerability is reported in the DHTML editing activeX control that allows a script that is executing through execScript to access content in another domain. By persuading a victim to view a specially crafted HTML page, an attacker can spoof the web content of a web site and access its information, and also can inject malicious scripts into the local computer zone.
Affected Products
Microsoft Windows Operating Systems.
Impact
System Compromise: an attacker can spoof web content, access web site information such as cookies and take control of an affected system.
Recommended Actions
Apply security patch to the system as given in the Microsoft Security Bulletin MS05-013.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |