CVE-2008-3474

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 through 7

Description The issue allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document. This is due to the improper determination of the domain or security zone of origin of web script. An attacker could exploit this by constructing a specially crafted Web page, potentially leading to information disclosure if a user views the Web page.

Recommendations For Microsoft Internet Explorer versions 6 through 7, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to sensitive information when browsing untrusted websites. Avoid using Internet Explorer to access sensitive data until the issue is resolved.