Detections
Analytics
Microsoft Internet Explorer 6 SV 1 XHTML Comment User Confirmation Bypass
medium Log Correlation Engine Plugin ID 800806
Synopsis
The remote host is vulnerable to a script injection attack.Description
The remote host is running Internet Explorer 6 SV1, the version that is part of Windows XP SP2. It is reported that the user confirmation asked before to load client-side JavaScript and ActiveX embedded in web pages can be trivially bypassed. An attacker may run malicious script on the remote host.Solution
Upgrade or patch according to vendor recommendations.Plugin Details
Severity: Medium
ID: 800806
Family: Web Clients
Reference Information
CVE: CVE-2004-1686
BID: 11200