CVE-2010-0494

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 through 8

Description The issue allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document. This can occur when a user drags one browser window across another. An information disclosure vulnerability also exists, which could allow script to gain access to a browser window in another domain or Internet Explorer zone by constructing a specially crafted Web page.

Recommendations For Microsoft Internet Explorer versions 6 through 8, consider disabling the ability to drag browser windows across each other as a temporary workaround until a patch is available. Restrict access to sensitive information when viewing web pages from different domains or zones to minimize the risk of information disclosure.