Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:IE:COMPINST-OF

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Internet Explorer "isComponentInstalled()" Stack Overflow

Release Date

 2006/03/01

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Internet Explorer "isComponentInstalled()" Stack Overflow


This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer 6.0. Attackers can download a maliciously crafted Web page containing a call to the isComponentInstalled JavaScript method with an overly long parameter, thereby causing the client to download and execute arbitrary code.

Extended Description

Microsoft Internet Explorer is prone to a remote buffer-overflow vulnerability in the 'IsComponentInstalled()' method. A successful exploit results in arbitrary code execution in the context of the user running the browser. This issue was reportedly addressed in Windows 2000 SP4 and Windows XP SP1, but this has not been confirmed. Internet Explorer 6 is vulnerable to this issue; earlier versions may also be affected.

Affected Products

  • Microsoft Internet Explorer 6.0

References

  • BugTraq: 16870
  • CVE: CVE-2006-1016
  • URL: http://www.frsirt.com/exploits/20060228.ie_iscomponentinstalled.pm.php

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out