Intrusion Prevention

Multiple.Web.Browsers.Window.Injection

Description

This indicates an attack attempt against a remote Window Injection vulnerability in Microsoft Internet Explorer.
A vulnerability has been reported in IE that may allow an attacker to trick the victim. This is possible because the browser fail to properly sanitize value of the "target" tag which can be used to link to another web site. An attacker may hijack the window accessed by user in the trusted site and carry out phishing attacks.

Affected Products

Internet Explorer 5.01 through 6
Internet Explorer 7 on windows xp sp2

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References

CVE-2004-1155