Signature Detail

HTTP: Internet Explorer .hta Execution

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. Attackers can use a malicious crafted HTML page, causing Internet Explorer to bypass security checks. A user, browsing this HTML page, can accidentally launch MSHTA.EXE from this site; thereby allowing the attacker to run their code of choice in the user's context on the victim's system.

Extended Description

Microsoft Internet Explorer is affected by an unspecified remote vulnerability. This vulnerability affects Internet Explorer 6.0 running on Microsoft Windows 98, Windows XP, and Windows Server 2003. A successful attack may allow remote attackers to execute HTA applications in the context of targeted users. This may allow remote attackers to execute code and potentially to compromise affected computers. Due to a lack of information, further details cannot be provided. This BID will be updated when more information becomes available.

Affected Products

• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 For Windows 2000
• Microsoft Internet Explorer 5.0.1 For Windows 95
• Microsoft Internet Explorer 5.0.1 For Windows 98
• Microsoft Internet Explorer 5.0.1 For Windows NT 4.0
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.0.1 SP3
• Microsoft Internet Explorer 5.0.1 SP4
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1

References

• BugTraq: 17181
• CVE: CVE-2006-1388
• URL: http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx