Intrusion Prevention

MS.IE.CSS.Import

Description

This indicates a possible exploit of a Cascading Style Sheets Cross Site Scripting vulnerability in Internet Explorer.
Microsoft Internet Explorer is vulnerable to a Cascading Style Sheets Cross-Site Scripting attack. If the victim system is running Google Desktop, it is possible for an attacker to gain access to any file. The issue is due to IE interpreting anything after curly braces as valid CSS. A malicious attacker can use this vulnerability to gain access to Google Desktop's searching feature to download any file on the affected system.

Affected Products

Microsoft Internet Explorer 6.0 SP2
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0.

Impact

System compromise: disclosure or modification of data.

Recommended Actions

Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version if available.