Summary
This host is installed with Internet Explorer and is prone to Information Disclosure vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary codes in the context of the web browser and can reveal sensitive information of the remote user through the web browser.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
For updates refer to http://www.microsoft.com/windows/internet-explorer/download-ie.aspx
Insight
An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes temporary footprint when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message.
Affected
Microsoft Internet Explorer version 8 Beta2 and prior on Windows.
References
Severity
Classification
-
CVE CVE-2008-5912 -
CVSS Base Score: 2.1
AV:N/AC:H/Au:S/C:N/I:P/A:N
Related Vulnerabilities
- Brekeke PBX Cross-Site Request Forgery Vulnerability
- Sambar sendmail /session/sendmail
- Axis Commerce HTML Injection Vulnerability
- PmWiki Table Feature 'width' Parameter Cross-site scripting vulnerability
- Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 Password Information Disclosure Vulnerability