Microsoft Internet Explorer toStaticHTML Cross-Site-Scripting (MS11-050; CVE-2011-1252)
| Check Point Reference: | CPAI-2011-298 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS11-050 | |
| Industry Reference(s): | CVE-2011-1252 | |
| Protection Provided by: |
Security Gateway
|
|
|
Who is Vulnerable? Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
|
||
| Vulnerability Description An information disclosure vulnerability exists in the way that Internet Explorer handles content using specific strings when sanitizing HTML. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could inflict cross-site scripting on the user, allowing the attacker to execute script in the user's security context against a site that is using the toStaticHTML API. |
||
|
Update/Patch Available Apply patches from Microsoft Security Bulletin MS11-050 |
|
|
Vulnerability Details This is an information disclosure vulnerability. The vulnerability exists in the way that the toStaticHTML API included in Internet Explorer handles content using specific strings when sanitizing HTML. An attacker who exploited the vulnerability when a user views a Web page that uses the toStaticHTML API could execute scripts in the user's security context against that site. |
Protection Overview
This protection detects and prevents attempts to exploit this vulnerability.
To configure the defense, select your product from the list below and follow the related protection steps.