Signature Detail

TROJAN: JECT Trojan in HTTP Session

This signature detects web pages and web data containing the Ject Trojan. Ject is a multipart Javascript Trojan that loads itself by first creating a harmless empty dialog box in the Trusted Security Zone and then loads arbitrary code into that box. It bypasses the normal IE security model via the same method used in the Scob Trojan.

Extended Description

Microsoft Internet Explorer is prone to a vulnerability that may permit cross-zone access, allowing an attacker to execute malicious script code in the context of the Local Zone. It is possible to exploit this issue by passing a dynamically created IFrame to a modal dialog. This vulnerability could be exploited in combination with a number of other security issues, such as the weakness described in BID 10472. The end result of successful exploitation is execution of arbitrary code in the context of the client user. It may also be possible to exploit this vulnerability to access properties of a foreign domain, allowing for other types of attacks that compromise sensitive or private information associated with a domain of the attacker's choosing.

Affected Products

• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.0.1 SP3
• Microsoft Internet Explorer 5.0.1 SP4
• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 5.5 SP1
• Microsoft Internet Explorer 5.5 SP2
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1

References

• CVE: CVE-2004-0549
• URL: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_JECT.A
• URL: http://securityresponse.symantec.com/avcenter/venc/data/download.ject.html
• URL: http://www.microsoft.com/security/incident/download_ject.mspx