HTTP: Multiple Web Browsers Window Injection
This signature detects attempts to exploit a known vulnerability against multiple web browsers. The issue arises when victim visits a malicious site via their browser and follows a link to a trusted site. Once the link to the trusted site is followed, the victim must open a popup window from the trusted site that can be influenced by the attacker's site. A successful exploit may allow a remote attacker to carry out phishing attacks.
Extended Description
Microsoft Internet Explorer is reported prone to a vulnerability that may allow a website to hijack the contents of a trusted window. This issue may allow a remote attacker to carry out phishing attacks. This issue arises as a user visits a malicious site and follows a link to a trusted site. Once the link to the trusted site is followed, the victim must open a popup window from the trusted site that can be influenced by the attacker's site. If the attack is successful, the contents of the target site's window can be spoofed, resulting in phishing attacks.
Affected Products
Microsoft internet_explorer
Short Name
HTTP:BROWSER-WINDOW-INJECTION
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Browsers CVE-2004-1155 Injection Multiple Web Window bid:11855
Release Date
07/15/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5