CVE-2006-5152 - Airiest Minutes
Description
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset a related issue to CVE-2006-0032.
Reference
http://www.securityfocus.com/archive/1/447516/100/0/threaded http://www.securityfocus.com/archive/1/447574/100/0/threaded http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0017.html http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0030.html http://www.osvdb.org/31328 http://www.securityfocus.com/archive/1/447509/100/0/threaded