vulnerability note CVE-2009-4074

Internet Explorer 8: Cross Site Scripting of the anti-XSS

Synthesis of the vulnerability

An attacker can use the Anti Cross Site Scripting feature of Internet Explorer 8, in order to create a Cross Site Scripting attack.

Severity: 1/4. Creation date: 09/12/2009.

Description of the vulnerability

The Anti Cross Site Scripting feature of Internet Explorer 8 changes pages on the fly, in order to block Cross Site Scripting attacks. However, an attacker can use this feature to generate a Cross Site Scripting. Technical details are unknown.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: Internet Explorer 8: Cross Site Scripting of the anti-XSS. Keywords: Anti Cross Explorer Internet Scripting Site anti-XSS. Identifiers: 978207, BID-37135, CVE-2009-4074, MS10-002, VIGILANCE-VUL-9254. Pointed by: VIGILANCE-VUL-9375.

Information sources

Publications and announces Source example: Major IE8 flaw makes 'safe' sites unsafe

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerabilities tracking service