CVE-2007-1114

medium Microsoft
CVSS v3 Base Score
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS Score
21.6%
Exploitation probability in 30 days
Top 4% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None
Published: February 26, 2007 (7016 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

CWE

NVD-CWE-Other

Affected Products

microsoft ie

References

🔗 secunia.com 🔗 www.hardened-php.net 🔗 www.osvdb.org 🔗 www.securityfocus.com 🔗 www.securityfocus.com