[Japanese]
|
JVNDB-2010-000063
|
Internet Explorer vulnerable to cross-site scripting
|
Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack.
Microsoft Internet Explorer contains a vulnerability in handling specific UTF-7 encoded characters, which may result in cross-site scripting.
For more information, refer to the information provided by Microsoft.
Takeshi Terada and Yutaka Kokubu from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 2.6 (Low) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
Microsoft Corporation
- Microsoft Internet Explorer 6
- Microsoft Internet Explorer 7
- Microsoft Internet Explorer 8
- Microsoft Windows 7
- Microsoft Windows 7 (x64)
- Microsoft Windows Vista SP1 and SP2
- Microsoft Windows Vista (x64) SP1 and SP2
- Microsoft Windows XP sp3 SP3
- Microsoft Windows XP (x64) SP2
|
|
An arbitrary script may be executed.
|
[Update the Software]
Apply the latest update according to the information provided by Microsoft.
|
Microsoft Corporation
FUJITSU
- FUJITSU Security Information : TA10-348A (Japanese)
|
- Cross-site Scripting(CWE-79) [IPA Evaluation]
|
- CVE-2010-3342
|
- JVN : JVN#30273074
- National Vulnerability Database (NVD) : CVE-2010-3342
- Secunia Advisory : SA42091
- SecurityFocus : 45256
- VUPEN Security : VUPEN/ADV-2010-3214
|
- [2010/12/15]
Web page published
|