Signature Detail
Short Name |
HTTP:STC:IE:DHTML-HANDLER-RACE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
DHTML Object Handling Race Condition |
Release Date |
2005/04/12 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: DHTML Object Handling Race Condition
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. Attackers can create a malicious HTML file that, when downloaded, exploits a race condition and might allow arbitrary code execution.
Extended Description
A vulnerability in Microsoft Internet Explorer may allow remote attackers to execute arbitrary code in the context of users visiting malicious Web sites. This issue presents itself the affected application attempts to process certain script objects, a race condition may lead to the execution of attacker-supplied code.
Affected Products
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.0.1 SP4
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
References
- BugTraq: 13120
- CVE: CVE-2005-0553
- CVE: CVE-2005-0555
- URL: http://www.kb.cert.org/vuls/id/774338