Signature Detail

HTTP: Internet Explorer ftp:// Handler Insecure Script Execution

This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer. Because the IE ftp:// handler performs insecure checking, attackers can craft a malicious Web page that executes JavaScript on the client machine when a linked is clicked.

Extended Description

A cross site scripting issue has been reported with some versions of Microsoft Internet Explorer for Windows. Under some configurations, data included within a FTP URL will be rendered as displayed content, allowing the execution of arbitrary JavaScript code within the Local Computer context. If both of the 'Enable folder view for FTP sites' and 'Enable Web content in folders' options are enabled, this vulnerability exists. These options are enabled by default. When a folder is being viewed through FTP, the FTP server name is included in the Web Content information displayed. The FTP server name is not sanitized. A malicious link may define a server name which includes HTML content, including script code. When displayed, this script code will execute within the Local Computer context. This vulnerability has been confirmed to exist under Windows 2000. Other versions of Windows may share this vulnerability. This has not, however, been confirmed.

Affected Products

• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 5.5 SP1
• Microsoft Internet Explorer 5.5 SP2
• Microsoft Internet Explorer 6.0

References

• BugTraq: 4954
• CVE: CVE-2002-2062
• URL: http://www.securityfocus.com/archive/1/275776
• URL: http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html