Signature Detail
Short Name |
HTTP:STC:IE:STYLESHEET-OF |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Internet Explorer Style Sheet Overflow |
Release Date |
2006/08/08 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Internet Explorer Style Sheet Overflow
This signature detects Web pages containing dangerous multiple CSS sheet imports. A malicious Web site can exploit a known vulnerability in Microsoft Internet Explorer and gain control of the client browser.
Extended Description
Microsoft Internet Explorer is prone to remote code-execution vulnerability. This issue is related to how the browser handles chained CSS (Cascading Style Sheets). An attacker could exploit this issue to execute arbitrary code in the context of the user visiting a malicious web page. This issue affects Internet Explorer on Windows 2000, Windows XP (excluding XP SP2), and Windows Server 2003.
Affected Products
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.0.1 SP4
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Nortel Networks CallPilot 1002Rp
- Nortel Networks CallPilot 200I
- Nortel Networks CallPilot 201I
- Nortel Networks CallPilot 702T
- Nortel Networks CallPilot 703T
- Nortel Networks Centrex IP Client Manager
- Nortel Networks Centrex IP Element Manager
- Nortel Networks Contact Center - Agent Desktop Display
- Nortel Networks Symposium Agent
References
- BugTraq: 19316
- CVE: CVE-2006-3451
- URL: http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx