Intrusion Prevention



This indicates an attack attempt against a remote Window Injection vulnerability in Microsoft Internet Explorer.
A vulnerability has been reported in IE that may allow an attacker to trick the victim. This is possible because the browser fail to properly sanitize value of the "target" tag which can be used to link to another web site. An attacker may hijack the window accessed by user in the trusted site and carry out phishing attacks.

Affected Products

Internet Explorer 5.01 through 6
Internet Explorer 7 on windows xp sp2


Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References