HTTP: Internet Explorer "isComponentInstalled()" Stack Overflow
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer 6.0. Attackers can download a maliciously crafted Web page containing a call to the isComponentInstalled JavaScript method with an overly long parameter, thereby causing the client to download and execute arbitrary code.
Extended Description
Microsoft Internet Explorer is prone to a remote buffer-overflow vulnerability in the 'IsComponentInstalled()' method. A successful exploit results in arbitrary code execution in the context of the user running the browser. This issue was reportedly addressed in Windows 2000 SP4 and Windows XP SP1, but this has not been confirmed. Internet Explorer 6 is vulnerable to this issue; earlier versions may also be affected.
References
BugTraq: 16870
CVE: CVE-2006-1016
URL: http://www.frsirt.com/exploits/20060228.ie_iscomponentinstalled.pm.php
Short Name
HTTP:STC:IE:COMPINST-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
"isComponentInstalled()" CVE-2006-1016 Explorer Internet Overflow Stack bid:16870
Release Date
03/01/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
CVSS Score
7.5