Check Point Advisories

Preemptive Protection against Microsoft Internet Explorer SafeHTML Cross-Site Scripting (MS11-074)

Check Point Reference: CPAI-2011-409
Date Published: 13 Sep 2011
Severity: High
Last Updated: Saturday 01 January, 2011
Source: Microsoft Security Bulletin MS11-074
Industry Reference:CVE-2011-1252
Protection Provided by:
Who is Vulnerable? Internet Explorer 8
Vulnerability Description An information disclosure vulnerability has been reported in Internet Explorer. A remote attacker may exploit this vulnerability to perform cross-site scripting attacks and run script in the security context of the logged-on user.
Update/Patch AvaliableApply patches from:
MS11-074
Vulnerability DetailsThe vulnerability is due to an error in the waythat the SafeHTML function sanitizes HTML in Internet Explorer. To exploit this issue, an attacker must have the ability to submit a specially crafted script to a target site. Successful exploitation of this vulnerability could allow the attacker to execute a cross-site scripting attack on the user, allowing the attacker to execute script in the user's security context.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK