vendor:
Internet Explorer
by:
SecurityFocus
7.5
CVSS
HIGH
Script-Injection
94
CWE
Product Name: Internet Explorer
Affected Version From: Internet Explorer 8
Affected Version To: Internet Explorer 7
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008
Microsoft Internet Explorer Script-Injection Vulnerability
Microsoft Internet Explorer is prone to a script-injection vulnerability when handling specially crafted requests to 'acr_error.htm' via the 'res://' protocol. The file resides in the 'ieframe.dll' dynamic-link library. An attacker may leverage this issue to execute arbitrary code in the context of a user's browser. Successful exploits can allow the attacker to steal cookie-based authentication credentials, obtain potentially sensitive information stored on the victim's computer, and launch other attacks.
Mitigation:
Users should avoid visiting untrusted websites and should not click on links provided by unknown or untrusted sources.
