Intrusion Prevention

MS.IE.HTML.Element.Cross.Domain.Security.Bypass

Description

This indicates an attempt to exploit a security bypass-vulnerability in Microsoft Internet Explorer (IE).
A vulnerability has been reported in IE that may allow an attacker to bypass some security checking on a vulnerable system. This is possible because the vulnerable software fails to properly sanitize the HTML element used by malicious scripts. An attacker may access some insceure HTML elements or steal private information by tricking the user to access a malicious web page.

Affected Products

Internet Explorer 6
Internet Explorer 6 Service Pack 1
Internet Explorer 7

Impact

Security Bypass: Remote attackers can bypass security checking of the vulnerable system.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.microsoft.com/technet/security/Bulletin/ms08-058.mspx

CVE References

CVE-2008-3472