[Japanese]
|
JVNDB-2010-000062
|
Internet Explorer vulnerable to cross-site scripting
|
Microsoft Internet Explorer contains a cross-site scripting vulnerability due to the way file types are determined.
Microsoft Internet Explorer contains a vulnerability in handling Content-Type, which may result in cross-site scripting.
For more information, refer to the information provided by Microsoft.
Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
Microsoft Corporation
- Microsoft Internet Explorer 6
- Microsoft Internet Explorer 7
- Microsoft Internet Explorer 8
- Microsoft Windows 7
- Microsoft Windows 7 (x64)
- Microsoft Windows Vista SP1 and SP2
- Microsoft Windows Vista (x64) SP1 and SP2
- Microsoft Windows XP sp3 SP3
- Microsoft Windows XP (x64) SP2
|
|
An arbitrary script may be executed.
|
[Update the Software]
Apply the latest update according to the information provided by Microsoft.
|
Microsoft Corporation
FUJITSU
- FUJITSU Security Information : TA10-348A (Japanese)
|
- Cross-site Scripting(CWE-79) [IPA Evaluation]
|
- CVE-2010-3342
|
- JVN : JVN#62275332
- National Vulnerability Database (NVD) : CVE-2010-3342
- Secunia Advisory : SA42091
- SecurityFocus : 45256
- VUPEN Security : VUPEN/ADV-2010-3214
|
- [2010/12/15]
Web page published
|