Key Vulnerability Information Vulnerability Note: VU#652452 Title: Microsoft Internet Explorer does not adequately validate javascript: protocol URL Original Release Date: 2003-11-19 Last Revised: 2004-05-13 Overview Microsoft Internet Explorer (IE) insufficiently validates protocol URLs, allowing an attacker to execute arbitrary code with user privileges. Impact Script execution in the Local Machine Zone Read or modify data in other web sites (cookies, content, etc.) Solution 1. Apply patch: Apply the patch for MS03-048 or a more recent cumulative patch. 2. Disable Active scripting and ActiveX controls. 3. Apply the Outlook Email Security Update. 4. Maintain updated antivirus software. 5. Use a different web browser. References Safe Center Content Microsoft Security Bulletin MSDN: and Methods Metadata CVE ID: CVE-2003-0816 Severity Metric: 56.04 Date Public: 2003-09-10 Date First Published: 2003-11-19 Date Last Updated: 2004-05-13 19:41 UTC