Signature Detail
Short Name |
HTTP:STC:IE:ZONE-BYPASS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Internet Explorer Popup Window Zone Bypass |
Release Date |
2014/05/15 |
Update Number |
2375 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Internet Explorer Popup Window Zone Bypass
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.
Extended Description
Internet Explorer does not properly handle object types, when rendering malicious popup windows. This may result in the possibility of the execution of malicious software. The problem occurs when Internet Explorer receives a response from the server when a malicious popup window containing an object tag is parsed. Proper parameter checks of the type of file being loaded are not performed on the object type contained within HTTP response received from the web server.
Affected Products
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
References
- BugTraq: 8556
- CVE: CVE-2003-0838