Microsoft Internet Explorer toStaticHTML Cross Site Scripting
TSL ID: FSC20100608-06
CVE ID(s): CVE-2010-1257
Severity: High
Description

A vulnerability exists in Microsoft Internet Explorer that may allow remote attackers to execute cross-site scripting attacks within a target user's browser. The vulnerability is due to insufficient validation of HTML code. Remote attackers can exploit this vulnerability by enticing the target user to view a Web page that uses the toStaticHTML API.

Successful exploitation of this vulnerability could lead to information disclosure and execution of arbitrary script code within the context of the target user's browser.

The vendor, Microsoft, has published an advisory regarding this vulnerability:

http://www.microsoft.com/technet/security/bulletin/MS10-035.mspx

Affected Products
  • Microsoft Internet Explorer 8
CVSS Score
Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 5.0 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED