CVE-2009-0404

Name of the Vulnerable Software and Affected Versions htmLawed versions 1.1.3 through 1.1.4

Description The issue allows remote attackers to inject arbitrary web script or HTML via invalid Cascading Style Sheets (CSS) expressions in the style attribute, which is processed by Internet Explorer 7. This is due to multiple cross-site scripting (XSS) vulnerabilities.

Recommendations For versions 1.1.3 and 1.1.4, consider disabling the processing of CSS expressions in the style attribute as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.