PT-2009-4779 · Microsoft · Internet Explorer

Published: 2009-07-07 · Updated: 2018-10-10 · CVE-2009-2350

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 6.0.2900.2180 and earlier

Description: The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to injecting a Refresh header or specifying the content of a Refresh header in HTTP responses. This is due to the failure to block javascript: URIs in Refresh headers.

Recommendations: For Microsoft Internet Explorer version 6.0.2900.2180 and earlier, consider disabling the execution of javascript: URIs in Refresh headers as a temporary workaround until a patch is available. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation.
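
For applications that build a Refresh header from request data, the header content can also be checked on the server before it is sent. The following is an added example, not part of the original advisory; the function names and the http/https allowlist are assumptions chosen for illustration, and the sample header values in the usage are constructed.

```python
import re

# Assumption: only web targets are legitimate redirect destinations.
ALLOWED_SCHEMES = {"http", "https"}

# "<delay>" optionally followed by ";" or "," and a target, with or without "url=".
_REFRESH_RE = re.compile(
    r"^\s*([0-9]+)\s*(?:[;,]\s*(?:url\s*=\s*)?(.*))?$", re.I | re.S
)
_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.I)


def refresh_target(value):
    """Return (delay, target) parsed from a Refresh header value, or None."""
    m = _REFRESH_RE.match(value)
    if m is None:
        return None
    # Surrounding whitespace and quotes are not part of the target itself.
    target = (m.group(2) or "").strip().strip("'\"")
    return int(m.group(1)), target


def is_safe_refresh(value):
    """True if the Refresh value points at http(s) or a relative URL."""
    parsed = refresh_target(value)
    if parsed is None:
        return False  # malformed value: do not emit it
    _, target = parsed
    # Control characters (tab, CR, LF, ...) can hide a scheme or split the
    # header, so any target containing them is rejected outright.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    m = _SCHEME_RE.match(target)
    if m is None:
        return True  # no scheme: relative URL or plain reload
    return m.group(1).lower() in ALLOWED_SCHEMES


if __name__ == "__main__":
    for sample in ("5; URL=https://example.com/next",   # constructed samples
                   "0;url=javascript:void(0)",
                   "3; url=/login"):
        print(repr(sample), is_safe_refresh(sample))
```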

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2009-2350

Affected products

Internet Explorer