CVE-2001-1325

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.0 through 5.5 Outlook Express versions 5.0 through 5.5

Description: The issue allows remote attackers to execute scripts even when Active Scripting is disabled. This is achieved by including scripts in XML stylesheets (XSL) referenced using an IFRAME tag. The problem may be related to a vulnerability in Windows Scripting Host (WSH).

Recommendations: For Internet Explorer versions 5.0 through 5.5, consider disabling the use of IFRAME tags that reference XML stylesheets until a fix is available. For Outlook Express versions 5.0 through 5.5, restrict the processing of XML stylesheets referenced by IFRAME tags to minimize the risk of script execution.