virus logo Intrusion Prevention

MS.IE.Window.Location.Handling.Cross.Domain.Script.Execution

description-logoDescription

This indicates an attempt to exploit a cross-domain script execution vulnerability in Internet Explorer.
This vulnerability may allow an attacker to execute JavaScript code on a vulnerable system. This is because an error exists in Internet Explorer when it handles the "location" property of the "window" object. An attacker may steal sensitive information or execute JavaScript code by tricking the victim into viewing a malicious web page that exploits this vulnerability.

affected-products-logoAffected Products

Internet Explorer 6

Impact logoImpact

System Compromise: remote attackers can inject arbitrary web scripts or HTML.

recomended-action-logoRecommended Actions

Upgrade to Internet Explorer 7, available from the following website:
http://www.microsoft.com/windows/downloads/ie/getitnow.mspx?WT.srch=1

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://sirdarckcat.blogspot.com/2008/05/ghosts-for-ie8-and-ie75730.html http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.html http://secunia.com/advisories/30851/ http://www.ph4nt0m.org-a.googlepages.com/PSTZine_0x02_0x04.txt http://secunia.com/advisories/30857/
ID 15682
Created Jul 22, 2008
Updated Feb 09, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2008-2947
Exploit Prediction Score 94.96%
Default Action drop
Active
Affected OS Windows
Affected App IE