A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks.
The vulnerability is caused by an error in the DHTML Edit ActiveX control
when handling the "execScript()" function in certain situations. This
can be exploited to execute arbitrary script code in a user's browser session
in the context of an arbitrary site.
Secunia has constructed a test, which can be used to check if your browser
is affected by this issue:
http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/
The vulnerability has been confirmed on a fully patched system with Internet
Explorer 6.0 and Microsoft Windows XP SP1/SP2.
SOFTWARE:
Microsoft Internet Explorer 6
SOLUTION:
Set security level to high for the "Internet" zone (disable ActiveX
support).
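To confirm that the workaround above is in effect on a host, the following added example (not part of the original advisory) lists the ActiveX-related URL actions stored for the "Internet" zone and flags any that are not disabled. It assumes PowerShell is available on the system; the choice of the five action IDs and of the four registry locations is this example's own, and it reports what each location stores rather than resolving which location takes precedence.

```powershell
# Added example: report Internet zone (zone 3) ActiveX URL actions per registry location.
# Stored values: 0 = enable, 1 = prompt, 3 = disable.
$ActiveXActions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1405' = 'Script ActiveX controls marked safe for scripting'
}
$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$ZonePaths = @(
    "HKLM:\SOFTWARE\Policies\$suffix",
    "HKCU:\Software\Policies\$suffix",
    "HKLM:\SOFTWARE\$suffix",
    "HKCU:\Software\$suffix"
)

function Get-InternetZoneActiveXState {
    param([string[]]$Paths = $ZonePaths)
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }   # location not configured
        $props = (Get-ItemProperty -LiteralPath $path).PSObject.Properties
        foreach ($id in $ActiveXActions.Keys) {
            $prop = $props[$id]
            if ($null -eq $prop) { continue }                    # action not set here
            [pscustomobject]@{
                Path     = $path
                Action   = $id
                Name     = $ActiveXActions[$id]
                Value    = $prop.Value
                Disabled = ($prop.Value -eq 3)
            }
        }
    }
}

$state = @(Get-InternetZoneActiveXState)
$state | Format-Table Action, Name, Value, Disabled, Path -AutoSize
$open = @($state | Where-Object { -not $_.Disabled })
if ($state.Count -eq 0) {
    Write-Output 'No Internet zone ActiveX settings found in the checked locations.'
} elseif ($open.Count -gt 0) {
    Write-Output "$($open.Count) ActiveX action(s) in the Internet zone are not set to Disable."
} else {
    Write-Output 'All recorded ActiveX actions in the Internet zone are set to Disable.'
}
```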
PROVIDED AND/OR DISCOVERED BY:
Paul