CVE-2013-3166

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 through 10

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to information disclosure. This can occur through vectors involving incorrect auto-selection of the Shift JIS encoding, resulting in cross-domain scrolling events. An attacker could exploit this by constructing a specially crafted webpage, allowing them to view content from another domain or Internet Explorer zone if a user views the webpage.

Recommendations For Microsoft Internet Explorer versions 6 through 10, consider disabling the Shift JIS character encoding auto-selection feature as a temporary workaround until a patch is available. Restrict access to potentially malicious webpages to minimize the risk of exploitation. Avoid using Internet Explorer to view untrusted webpages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.