HTTP: Internet Explorer Arbitrary Code Execution

This signature detects an HTTP redirect response that contains a maliciously crafted location header. Attackers can trigger the malicious header when attempting to exploit a known vulnerability in Microsoft Internet Explorer 6.

Extended Description

Microsoft Internet Explorer is prone to a vulnerability that may permit cross-zone access, allowing an attacker to execute malicious script code in the context of the Local Zone. It is possible to exploit this issue by passing a dynamically created IFrame to a modal dialog. This vulnerability could be exploited in combination with a number of other security issues, such as the weakness described in BID 10472. The end result of successful exploitation is execution of arbitrary code in the context of the client user. It may also be possible to exploit this vulnerability to access properties of a foreign domain, allowing for other types of attacks that compromise sensitive or private information associated with a domain of the attacker's choosing.

Affected Products

Microsoft internet_explorer

Short Name
HTTP:STC:IE:HDRLOC-MSITS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary CVE-2004-0549 Code Execution Explorer Internet bid:10473
Release Date
06/09/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Microsoft

CVSS Score

10.0

Found a potential security threat?