CVE-2007-1114

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer version 7

Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks by exploiting the default charset inheritance of child frames from the parent window when a charset is not specified. This can be demonstrated using the UTF-7 character set.

Recommendations For Microsoft Internet Explorer version 7, consider specifying a charset in the HTTP Content-Type header or META tag to prevent the default charset from being inherited by child frames, thereby minimizing the risk of cross-site scripting attacks.