Intrusion Prevention

MS.IE.XMLHttpRequest.Http.Header.Overwrite

Description

This indicates an attempt to exploit an information-disclosure vulnerability in Microsoft Internet Explorer (IE).
The vulnerability is caused by errors in the implementation of XMLHttpRequest. An attacker can overwrite the "Host" and other HTTP header fields by using some insecure methods of the XMLHttpRequest object. This allows remote attackers to steal private information by tricking a user into viewing a malicious web page that calls these insecure methods.
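
The check that prevents this class of header overwrite, as an added example (not code from this advisory or from Microsoft): a guard that refuses "Host" and the other request-header names the Fetch Standard reserves for the browser before page script may set them. The names checkScriptHeader and auditHeaders and the sample headers are constructed for illustration.

```javascript
// Added example: guard applied before page script may set a request header.
// Reserved names follow the Fetch Standard's forbidden request-header list.
const FORBIDDEN = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin",
  "referer", "set-cookie", "te", "trailer", "transfer-encoding", "upgrade",
  "via",
]);

// HTTP "token" grammar: anything else (spaces, control or 8-bit characters)
// is rejected outright instead of being normalised and compared.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Returns { ok, reason } for one script-supplied header (hypothetical helper).
function checkScriptHeader(name, value) {
  if (typeof name !== "string" || !TOKEN.test(name)) {
    return { ok: false, reason: "name is not an HTTP token" };
  }
  const lower = name.toLowerCase(); // header names are case-insensitive
  if (FORBIDDEN.has(lower) || lower.startsWith("proxy-") ||
      lower.startsWith("sec-")) {
    return { ok: false, reason: "forbidden header name" };
  }
  if (/[\r\n\0]/.test(String(value))) {
    return { ok: false, reason: "value contains CR, LF or NUL" };
  }
  return { ok: true, reason: "" };
}

// Constructed sample input: one legitimate header and several to refuse.
const samples = [
  ["X-Requested-With", "XMLHttpRequest"],
  ["Host", "internal.example"],
  ["hOsT", "internal.example"],
  ["Host ", "internal.example"],
  ["Sec-Fetch-Site", "same-origin"],
  ["X-Note", "a\r\nHost: internal.example"],
];

function auditHeaders(pairs) {
  return pairs.map(([n, v]) => ({ name: n, ...checkScriptHeader(n, v) }));
}

console.log(auditHeaders(samples));
```

Validating the name against the token grammar first means a reserved name with extra characters attached is refused rather than slipping past the comparison.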

Affected Products

Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 SP4
Internet Explorer 6 SP1 when installed on Microsoft Windows 2000 SP4
Internet Explorer 6 for Windows XP SP2 and SP3
Internet Explorer 6 for Windows XP Professional x64 Edition and SP2
Internet Explorer 6 for Windows Server 2003 SP1 and SP2
Internet Explorer 6 for Windows Server 2003 x64 Edition and SP2
Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based Systems and SP2
Internet Explorer 7 for Windows XP SP2 and SP3
Internet Explorer 7 for Windows XP Professional x64 Edition and SP2
Internet Explorer 7 for Windows Server 2003 SP1 and SP2
Internet Explorer 7 for Windows Server 2003 x64 Edition and SP2
Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems and SP2
Internet Explorer 7 in Windows Vista and Internet Explorer 7 in Windows Vista SP1
Internet Explorer 7 in Windows Vista x64 Edition and SP1
Internet Explorer 7 in Windows Server 2008 for 32-bit Systems
Internet Explorer 7 in Windows Server 2008 for x64-based Systems
Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.microsoft.com/technet/security/Bulletin/ms08-031.mspx

CVE References

CVE-2008-1544