Intrusion Prevention

MS.IE.Window.Location.Handling.Cross.Domain.Script.Execution

Description

This indicates an attempt to exploit a cross-domain script execution vulnerability in Internet Explorer.
This vulnerability may allow an attacker to execute JavaScript code on a vulnerable system. This is because an error exists in Internet Explorer when it handles the "location" property of the "window" object. An attacker may steal sensitive information or execute JavaScript code by tricking the victim into viewing a malicious web page that exploits this vulnerability.

Affected Products

Internet Explorer 6

Impact

System Compromise: remote attackers can inject arbitrary web scripts or HTML.

Recommended Actions

Upgrade to Internet Explorer 7, available from the following website:
http://www.microsoft.com/windows/downloads/ie/getitnow.mspx?WT.srch=1

CVE References

CVE-2008-2947