PT-2008-6617 · Microsoft · Internet Explorer

Published: 2008-12-12 · Updated: 2024-08-07 · CVE-2008-5556

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 8.0 Beta 2

Description: The XSS Filter in Microsoft Internet Explorer fails to recognize certain attack patterns when web pages are encoded with UTF-7. This allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted UTF-7 content. The vendor has reportedly disputed this issue, stating that the behavior is by design.

Recommendations: For Microsoft Internet Explorer version 8.0 Beta 2, consider disabling UTF-7 encoding support as a temporary workaround to minimize the risk of exploitation. However, since the vendor considers this behavior to be by design, there might not be a direct fix or update to resolve this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers: CVE-2008-5556

Affected Products: Internet Explorer