| Short Name | HTTP:STC:IE:CONT-LOC-ZON-BYPASS |
|---|---|
| Severity | Medium |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | Internet Explorer Content Location Security Zone Bypass |
| Release Date | 2004/11/23 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This signature detects attempts to circumvent a security zone feature that warns when executable files are downloaded. Windows XP Service Pack 2 and Internet Explorer 6 are vulnerable. Attackers can trick a user into downloading a file that the user did not know was executable. Similarly, viruses and worms can use this method to download themselves onto target computers.

Microsoft Internet Explorer is reported prone to a file download security warning bypass vulnerability. This issue may be exploited to download a malicious file to the client system. When a URI location is not found, the user usually receives a 404 error message. It is reported that this issue allows an attacker to create a custom HTTP 404 error message and use the 'execCommand' method to save a Web page to the local system. By enticing a user to follow a malicious link, the attacker can plant malicious files on vulnerable systems in order to execute malicious code.