Signature Detail

HTTP: Shell.Application File Installation Weakness

This signature detects attempts to exploit a known vulnerability in the Shell.Application ActiveX Object of Microsoft Internet Explorer (IE). IE 6.0 and earlier are vulnerable. Attackers can trick users into downloading a malicious VBScript and executing the script locally. Successful exploits can enable attackers to execute commands on the local host.

Extended Description

Microsoft Internet Explorer is reported prone to a security weakness that may permit malicious HTML documents the ability to execute script code. This script code has the ability to alter registry settings that may allow for further attacks. In conjunction with other vulnerabilities, execution of attacker-supplied binaries may also be possible. In particular, it is reported possible to alter the registry to allow for previously patched vulnerabilities to be exploitable again. Exploitation of this weakness typically requires other vulnerabilities to redirect the browser into the Local Zone (or other appropriate Security Zone). Other attack vectors also exist, such as enticing a user to download an HTML document to their system then opening it with the Web browser. HTML email may also provide an attack vector for this weakness (in combination with other vulnerabilities). Cross-site scripting and HTML injection vulnerabilities in Web applications may also provide a surreptitious attack vector in unsuspecting clients.

Affected Products

• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 5.5 SP1
• Microsoft Internet Explorer 5.5 SP2
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1

References

• BugTraq: 10652
• CVE: CVE-2004-0420
• URL: http://www.securityfocus.com/archive/1/367881
• URL: http://www.microsoft.com/technet/security/bulletin/MS04-024.mspx