icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Microsoft Internet Explorer 6 SV 1 XHTML Comment User Confirmation Bypass

Medium

Synopsis

The remote host is vulnerable to a script injection attack.

Description

The remote host is running Internet Explorer 6 SV1, the version that is part of Windows XP SP2. It is reported that the user confirmation asked before to load client-side JavaScript and ActiveX embedded in web pages can be trivially bypassed. An attacker may run malicious script on the remote host.

Solution

Upgrade or patch according to vendor recommendations.