Signature Detail

HTTP: Microsoft Windows Folder GUID Code Execution1

This signature detects attempts to exploit a known vulnerability in Microsoft Windows. The vulnerability is caused by an error during the handling of directories containing CLSID extensions. An attacker can exploit this vulnerability by enticing a user into executing a malicious HTA file via a specially crafted web page or file share. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.