HTTP: Internet Explorer .hta Execution

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. Attackers can use a malicious crafted HTML page, causing Internet Explorer to bypass security checks. A user, browsing this HTML page, can accidentally launch MSHTA.EXE from this site; thereby allowing the attacker to run their code of choice in the user's context on the victim's system.

Extended Description

Microsoft Internet Explorer is affected by an unspecified remote vulnerability. This vulnerability affects Internet Explorer 6.0 running on Microsoft Windows 98, Windows XP, and Windows Server 2003. A successful attack may allow remote attackers to execute HTA applications in the context of targeted users. This may allow remote attackers to execute code and potentially to compromise affected computers. Due to a lack of information, further details cannot be provided. This BID will be updated when more information becomes available.

Affected Products

Microsoft internet_explorer

Short Name
HTTP:STC:IE:IFRAME-HTA
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
.hta CVE-2006-1388 Execution Explorer Internet bid:17181
Release Date
04/11/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Microsoft

CVSS Score

7.5

Found a potential security threat?