When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Cross Site Scripting Vulnerability in Microsoft WebBrowser Control

Neowin ·

Thanks Jimmy Daniels for emailing us. A universal cross-site scripting vulnerability exists in Microsoft's WebBrowser control that an attacker can exploit that can result in elevated privileges and session hijacking of the MSN Messenger client. This vulnerability stems from an error in the validation code in the dialogArguments property. The following software are affected:

  • Microsoft Internet Explorer
  • Microsoft Outlook
  • Microsoft Outlook Express
  • All application that host the WebBrowser control (IE 6.0 or newer).
There is no patch available for this issue yet, however, user could disable scripting as a pre-caution until the patch is available.

News source: Security Administrator - Cross Site Scripting Vulnerability in Microsoft WebBrowser Control

View: More information at Thor Larholm security advisory

Report a problem with article
Next Article

Turning red over Klez virus

Previous Article

Dreamweaver MX Screenshots