CVE-2003-0446

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.5 through 6.0

Description: The issue allows remote attackers to insert arbitrary web script via an XML file that contains a parse error. This error causes the script to be inserted in the resulting error message, potentially leading to cross-site scripting (XSS).

Recommendations: For Internet Explorer versions 5.5 through 6.0, consider disabling the processing of XML files to minimize the risk of exploitation until a patch is available. Restrict access to components that may be used by other Microsoft products to reduce the attack surface.