Intrusion Prevention

MS.IE.Malformed.Image.XSS

Description

This indicates an attempt to exploit a cross site scripting (XSS) vulnerability in Microsoft Internet Explorer.
The vulnerability allows a remote attacker to execute an arbitrary script in a victim's web browser with the privileges of the application. This can be done via HTML in corrupted images and other files such as .GIF, JPG, and WAV. The HTML is rendered when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type.

Affected Products

Microsoft Internet Explorer 6.0

Impact

System compromise: remote script execution.

Recommended Actions

Currently we are not aware of any vendor supplied patches for this issue.
http://www.microsoft.com

CVE References

CVE-2005-3312