Signature Detail
Short Name |
HTTP:STC:IE:6-ADDRESS-BAR-SPOOF |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Internet Explorer 6 Address Bar Spoofing |
Release Date |
2012/12/12 |
Update Number |
2210 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Internet Explorer 6 Address Bar Spoofing
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer 6.0 SP2. A malicious attacker may trick a normal user to visit an unintended webpage that may result in arbitrary code execution.
Extended Description
Microsoft Internet Explorer is reported prone to a URI obfuscation weakness. The issue is due to a failure of the affected application to properly handle specially crafted HTML anchor URI tags and various form tags. This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present web pages to users that seem to originate from a trusted location. This vulnerability is reported to affect Internet Explorer 6 SP2, other versions might also be affected. This issue is similar to BID 10023.
References
- BugTraq: 11565
- CVE: CVE-2004-1104