Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with Internet Explorer and is prone to cross site scripting vulnerability. This NVT has been replaced by NVT secpod_ms10-071.nasl (OID:1.3.6.1.4.1.25623.1.0.901162).

Impact

Successful exploitation will allow remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS10-071.mspx

Insight

The flaw is due to error in the 'toStaticHTML()' which is not properly handling the 'Cascading Style Sheets (CSS)'.

Affected

Microsoft Internet Explorer version 8.x to 8.0.6001.18702

References

http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html
http://www.wooyun.org/bug.php?action=view&id=189

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3324

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability
Apple Mac OS X Multiple Vulnerabilities - 02 Jan14
Adobe Flash Player/Air Multiple Vulnerabilities -feb10 (Win)
Apple iTunes Multiple Vulnerabilities - Apr10
Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)

Take action and discover your vulnerabilities