HTTP: Internet Explorer Windows Scripting Host Object Vulnerability
This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer (IE). Attackers can create a malicious Web page that misuses a Windows Scripting Host class ID within an Object Tag. When the Web page is viewed, the Object Tag can give the attacker complete control over the viewer's host computer. Spyware and spam organizations are actively using this exploit to install programs on end-user computers.
Extended Description
The problem occurs when Internet Explorer receives a response from the server when a web page containing an object tag is parsed. Successful exploitation of this vulnerability could allow a malicious object to be trusted and as such be executed on the local system. All code execution would occur in the security context of the current user.
Affected Products
Microsoft internet_explorer
References
BugTraq: 8456
CVE: CVE-2003-0532
URL: http://www.kb.cert.org/vuls/id/865940 http://www.microsoft.com/technet/security/bulletin/MS03-032.asp
Short Name
HTTP:STC:CLSID:ACTIVEX:WSH
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2003-0532 Explorer Host Internet Object Scripting Vulnerability Windows bid:8456
Release Date
05/19/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5