HTTP: Internet Explorer Cache clipboardData
This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer. IE 5.5 is vulnerable; IE 5 SP2 and 6.0 SP1 are not vulnerable. IE does not confirm that multiple open browser windows are operating in the proper security zones; attackers can obtain sensitive information from the host cache and full Read/Write access to the clipboard (regardless of settings).
Extended Description
Microsoft Internet Explorer provides clipboard access functions to web based applications. IE implements an object, clipboardData, that provides script access to clipboard information. This object is presumably provided to allow temporary storage of data and clipboard manipulation by legitimate applications, for example to facilitate drag-and-drop operations. Unfortunately this could potentially result in disclosure of sensitive information to a hostile web site. This is not strictly a vulnerability, as Microsoft provides settings to disable this functionality, however it is enabled by default and operations of this sort can be conducted without prompting the user. For this reason it should be considered a potential threat.
Affected Products
Microsoft internet_explorer
Short Name
HTTP:STC:IE:CACHE-CLIPDATA
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2002-1671 Cache Explorer Internet bid:3862 clipboardData
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Occasionally
Vendors
Microsoft
CVSS Score
5.0