Signature Detail

HTTP: Internet Explorer Shell Web Folder

This signature detects Web pages with Web folders pointing to a client-side folder using the shell URI scheme. Attackers can use a malicious Web page containing a client-side Web folder to install arbitrary files in sensitive locations on the client filesystem, such as the startup folder. However, a specially crafted Web site could be using a client-side Web folder legitimately.

Extended Description

Microsoft Internet Explorer is reported prone to a vulnerability that may allow unauthorized installation of malicious executables. Proof-of-concepts have been released to demonstrate a vulnerability that may be exploited to entice a victim user to install a file on a victim's computer with some degree of user interaction. Specifically, an executable may be embedded in a Web page and presented as an image object to the user. Another frame can be loaded that references a folder on the victim's file system via the anchorClick style behavior. The page will be obfuscated in such a way as to disguise the fact that when the user clicks on the image object it will implicitly drag it to the folder that has been specified. It has been demonstrated that various other measures may be taken to limit the amount of user interaction required but the exploit hinges on the user interacting via mouse events with an object within the Web page that represents an executable to cause the executable to be moved to the folder that has been loaded in the obfuscated secondary frame. An attacker may exploit this vulnerability to influence a target victim into unknowingly installing software in a location on the computer such as the startup foler. If the malicious executable is placed in the startup folder, it will run when the system is restarted.

Affected Products

• Avaya DefinityOne Media Servers
• Avaya IP600 Media Servers
• Avaya Modular Messaging (MSS) 1.1.0
• Avaya Modular Messaging (MSS) 2.0.0
• Avaya S3400 Message Application Server
• Avaya S8100 Media Servers
• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.0.1 SP3
• Microsoft Internet Explorer 5.0.1 SP4
• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 5.5 SP1
• Microsoft Internet Explorer 5.5 SP2
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server SP3
• Microsoft Windows 2000 Advanced Server SP4
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server SP1
• Microsoft Windows 2000 Datacenter Server SP2
• Microsoft Windows 2000 Datacenter Server SP3
• Microsoft Windows 2000 Datacenter Server SP4
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Professional SP2
• Microsoft Windows 2000 Professional SP3
• Microsoft Windows 2000 Professional SP4
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server SP4
• Microsoft Windows 2000 Server
• Microsoft Windows 98
• Microsoft Windows 98SE
• Microsoft Windows ME
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Datacenter Edition Itanium
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Enterprise Edition Itanium
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows XP 64-bit Edition SP1
• Microsoft Windows XP 64-bit Edition
• Microsoft Windows XP 64-bit Edition Version 2003
• Microsoft Windows XP Home SP1
• Microsoft Windows XP Home SP2
• Microsoft Windows XP Home
• Microsoft Windows XP Media Center Edition SP1
• Microsoft Windows XP Media Center Edition SP2
• Microsoft Windows XP Media Center Edition
• Microsoft Windows XP Professional SP1
• Microsoft Windows XP Professional SP2
• Microsoft Windows XP Professional
• Microsoft Windows XP Tablet PC Edition SP1
• Microsoft Windows XP Tablet PC Edition SP2
• Microsoft Windows XP Tablet PC Edition
• Nortel Networks IP softphone 2050
• Nortel Networks Mobile Voice Client 2050
• Nortel Networks Optivity Telephony Manager (OTM)
• Nortel Networks Symposium Web Center Portal (SWCP)
• Nortel Networks Symposium Web Client

References

• BugTraq: 11466
• BugTraq: 10973
• CVE: CVE-2005-0053
• CVE: CVE-2004-0839
• URL: http://seclists.org/lists/bugtraq/2004/Aug/0324.html
• URL: http://msdn.microsoft.com/workshop/author/behaviors/reference/behaviors/anchor.asp