Signature Detail

HTTP: Microsoft Internet Explorer URL Encoded Characters Parsing Information Disclosure

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to information disclosure. Attackers can exploit this issue to obtain sensitive information that may lead to future attacks.

Extended Description

A vulnerability exists in Microsoft Internet Explorer that can allow for a violation of the same origin policy. When MSIE is evaluating whether access across windows should be permitted, the domain of the parent window is compared to the child. A vulnerability in this process has been reported that is related to the handling of HTTP usernames included in the URL. If the username value is suffixed with "%2f", MSIE will not remove the username when performing the same-origin check. Therefore it is possible to bypass the check if a username is included in a URL that matches the domain of the parent window and is appended with "%2f".

Affected Products

• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 For Windows 2000
• Microsoft Internet Explorer 5.0.1 For Windows 95
• Microsoft Internet Explorer 5.0.1 For Windows 98
• Microsoft Internet Explorer 5.0.1 For Windows NT 4.0
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 5.5 Preview
• Microsoft Internet Explorer 5.5 SP1
• Microsoft Internet Explorer 5.5 SP2
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1

References

• BugTraq: 5610
• CVE: CVE-2002-1186