Rule

--
Sid
11834

--
Summary:
This event is generated when an attempt is made to exploit a known vulnerability in .

--
Impact:
Medium

--
Detailed Information:
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link.

--
Affected Systems:
  7.0

--
Attack Scenarios:


--
Ease of Attack:


--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:


--
Contributors:
Sourcefire Vulnerability Research Team
This document was generated from data supplied by the National Vulnerability Database. A product of the National Institute of Standards and Technology.
For more information see http://nvd.nist.gov/

--
Additional References:

--
