Microsoft Internet Explorer Anti-XSS Filter Vulnerabilities

Summary
The host has Internet Explorer installed and is prone to anti-XSS filter vulnerabilities.
Impact
Successful exploitation will let the attacker execute arbitrary code in the context of the application and perform XSS attacks on remote hosts without Internet Explorer blocking them.
Impact Level: Application/Network
Solution
No solution or patch was available as of 16th December 2008. For further updates, refer to http://www.microsoft.com/windows/downloads/ie/getitnow.mspx
Insight
These flaws are due to:
- Injections facilitated by some HTTP headers are not currently blocked.
- Injections into some contexts are not blocked where content can be injected directly into JavaScript without breaking out of a string.
- The attacker is allowed to inject an XSS string in 2 different HTML positions.
- The attacker can execute XSS attacks using a CRLF sequence in conjunction with a crafted Content-Type header.
Affected
Windows Platform with Internet Explorer 8.0 Beta 2