CVE-2009-2064

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer version 8

Description The issue allows man-in-the-middle attackers to execute arbitrary web script in an https site's context. This is achieved by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Recommendations For Microsoft Internet Explorer version 8, consider disabling the ability to load http content in https web pages as a temporary workaround until a patch is available. Restrict access to http sites that can be used to include malicious script files in iframes to minimize the risk of exploitation.