Signature Detail

HTTP: Internet Explorer Cache createRange

This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer. IE 5.5 and 6.0 are vulnerable; IE 5 SP2 and 6.0 SP1 are not vulnerable. IE does not confirm that multiple open browser windows are operating in the proper security zones; attackers can obtain sensitive information from the host cache.

Extended Description

Successful exploitation of the vulnerability could enable a remote attacker to read sensitive files on a victim's local machine, steal cookies, deface web pages, and execute arbitrary commands with the privileges of the user running IE.

References

• URL: http://www.juniper.net/security/auto/vulnerabilities/vuln2678.html
• URL: http://www.securityfocus.com/archive/1/296626/2002-10-19/2002-10-25/0