PT-2009-4779 · Microsoft · Internet Explorer
Published
2009-07-07
·
Updated
2018-10-10
·
CVE-2009-2350
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft Internet Explorer version 6.0.2900.2180 and earlier
Description
The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to injecting a Refresh header or specifying the content of a Refresh header in HTTP responses. This is due to the failure to block javascript: URIs in Refresh headers.
Recommendations
For Microsoft Internet Explorer version 6.0.2900.2180 and earlier, consider disabling the execution of javascript: URIs in Refresh headers as a temporary workaround until a patch is available. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Internet Explorer