CVE-2007-4478

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6.0 through 7.0

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML in the local zone via a URI. This occurs when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content.

Recommendations For Microsoft Internet Explorer versions 6.0 through 7.0, consider disabling the ability to save documents from URLs to local files as a temporary workaround until a patch is available. Restrict access to local files that may contain URI strings to minimize the risk of exploitation.