CVE-2007-1114 Information

Description

The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag which allows remote attackers to conduct cross-site scripting (XSS) attacks as demonstrated using the UTF-7 character set.

Reference

http://secunia.com/advisories/24314 http://www.hardened-php.net/advisory_032007.142.html http://www.osvdb.org/32119 http://www.securityfocus.com/archive/1/461076/100/0/threaded http://www.securityfocus.com/bid/22701 http://www.vupen.com/english/advisories/2007/0744