virus logo Intrusion Prevention

MS.IE.XMLHttpRequest.Http.Header.Overwrite

description-logoDescription

This indicates an attempt to exploit an information-disclosure vulnerability in Microsoft IE.
The vulnerability is caused by some errors in the implementation of XMLHttpRequest. An attacker can overwrite the "Host" and other HTTP header fields by using some insecure methods of XMLHttpRequest object. It allows remote attackers to steal private information by tricking a user into viewing a malicious web page which calls these insecure methods.

affected-products-logoAffected Products

Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 SP4
Internet Explorer 6 SP1 when installed on Microsoft Windows 2000 SP4
Internet Explorer 6 for Windows XP SP2 and SP3
Internet Explorer 6 for Windows XP Professional x64 Edition and SP2
Internet Explorer 6 for Windows Server 2003 SP1 and SP2
Internet Explorer 6 for Windows Server 2003 x64 Edition and SP2
Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based Systems and SP2
Internet Explorer 7 for Windows XP SP2 and SP3
Internet Explorer 7 for Windows XP Professional x64 Edition and SP2
Internet Explorer 7 for Windows Server 2003 SP1 and SP2
Internet Explorer 7 for Windows Server 2003 x64 Edition and SP2
Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems and SP2
Internet Explorer 7 in Windows Vista and Internet Explorer 7 in Windows Vista SP1
Internet Explorer 7 in Windows Vista x64 Edition and SP1
Internet Explorer 7 in Windows Server 2008 for 32-bit Systems
Internet Explorer 7 in Windows Server 2008 for x64-based Systems
Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.microsoft.com/technet/security/Bulletin/ms08-031.mspx

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 15661
Created Jun 10, 2008
Updated Jan 13, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2008-1544
Exploit Prediction Score 94.84%
Default Action drop
Active
Affected OS Windows
Affected App IE