Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Microsoft Internet Explorer 6 SV 1 XHTML Comment User Confirmation Bypass

Medium

Synopsis

The remote host is vulnerable to a script injection attack.

Description

The remote host is running Internet Explorer 6 SV1, the version that is part of Windows XP SP2. It is reported that the user confirmation asked before to load client-side JavaScript and ActiveX embedded in web pages can be trivially bypassed. An attacker may run malicious script on the remote host.

Solution

Upgrade or patch according to vendor recommendations.