Intrusion Prevention

MS.IE.HTML.Cross.Domain.Security.Bypass

Description

This indicates an attempt to exploit a Security Bypass vulnerability in Microsoft Internet Explorer(IE).
The vulnerability is a result of the software's failure to properly sanitize HTML elements that can be used by malicious scripts. An attacker may be able to steal private information by tricking a user into accessing a malicious web page.

Affected Products

Internet Explorer 6
Internet Explorer 6 Service Pack 1
Internet Explorer 7

Impact

Security Bypass: Remote attackers can bypass the security of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.microsoft.com/technet/security/Bulletin/ms08-058.mspx

CVE References

CVE-2008-3472