---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales@secunia.com ---------------------------------------------------------------------- TITLE: Internet Explorer XSS Filter Cross-Site Scripting Weakness SECUNIA ADVISORY ID: SA39578 VERIFY ADVISORY: http://secunia.com/advisories/39578/ DESCRIPTION: Microsoft has acknowledged a weakness in Internet Explorer, which can potentially be exploited by malicious people to conduct cross-site scripting attacks. The weakness is caused due to an error in the XSS Filter and can potentially be exploited to break out of a script block and execute arbitrary HTML and script code on certain web sites. This is related to vulnerability #2 in: SA38209 Successful exploitation requires control over a certain amount of content on a targeted web site. SOLUTION: Do not follow untrusted links. PROVIDED AND/OR DISCOVERED BY: David Lindsay "thornmaker" and Eduardo A. Vela Nava "sirdarckcat". ORIGINAL ADVISORY: Microsoft: http://blogs.technet.com/msrc/archive/2010/04/19/guidance-on-internet-explorer-xss-filter.aspx David Lindsay and Eduardo A. Vela Nava: http://p42.us/ie8xss/ OTHER REFERENCES: SA38209: http://secunia.com/advisories/38209/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------