BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Microsoft Internet Explorer Shift JIS Character Encoding Vulnerability

Disclosed April 9, 2011    Fully Patched

Vulnerability Description:

Internet Explorer contains a cross-site scripting vulnerability that can be used to execute arbitrary script code in a user’s browser. This is caused by a character processing flaw, when parsing Shift JIS encoded characters.

Vendors:

Microsoft

Vulnerable Software/Devices:

Internet Explorer 6, 7, 8, and 9

Vulnerability Severity:

Medium

Exploit Availability:

N/A

Exploit Impact:

Information Disclosure
Information Disclosure By convincing a user to click on a specially crafted link, an attacker could execute script commands within the context of the user's browser.

BeyondTrust Prevention and Detection:


Mitigation:

Apply appropriate patch from MS11-057.

Links:

CVE(s):

None

Leave a Reply