MS.IE7.navcancl.htm.XSS

Description

This indicates an attack attempt against a cross-site scripting vulnerability in Microsoft Internet Explorer 7.
The vulnerability is a result of the application's failure to sanitize user-supplied data. It can be exploited via a specially crafted URI sent to "navcancl.htm", with an arbitrary URL as an argument. It allows a remote attacker to spoof the contents of a canceled page, steal cookie-based authentication credentials and obtain other sensitive information.

Affected Products

Microsoft Internet Explorer 7.0
Nortel Networks Centrex IP Client Manager 8.0
Nortel Networks Centrex IP Client Manager 7.0
Nortel Networks Centrex IP Client Manager 9.0
HP Storage Management Appliance 2.1
Avaya Messaging Application Server MM 3.1
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 2.0
Avaya CIE 1.0

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Information Spoofing: Remote attackers can spoof data of vulnerable systems.

Recommended Actions

Apply the most recent upgrades or patches from the vendor.
http://www.microsoft.com/download/en/default.aspx

Coverage

IPS (Regular DB)
IPS (Extended DB)