HTTP: Content Advisor Ratings File "Name" Parameter Overflow
This signature detects attempts to exploit a known vulnerability against Internet Explorer due to the way that it handles Content Advisor files. An attacker can exploit the vulnerability by constructing a maliciously crafted Content Advisor file. This malicious Content Advisor file could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message and accepted the installation of the file. A successful attack could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability.
Extended Description
Microsoft Internet Explorer is prone to a remote buffer overflow vulnerability when handling malformed Content Advisor files. An attacker can exploit this issue by crafting a Content Advisor file with excessive data and arbitrary machine code to be processed by the browser. A typical attack would involve the attacker creating a Web site that includes the malicious file. A similar attack can also be carried out through HTML email using Microsoft Outlook and Microsoft Outlook Express applications. It should be noted that successful exploitation requires the user to follow various steps to install a malicious file.
Affected Products
Microsoft internet_explorer
Short Name
HTTP:STC:IE:MSRAT-NAME-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
"Name" Advisor CVE-2005-0555 CVE-2005-3683 Content File Overflow Parameter Ratings bid:13117 bid:15457
Release Date
04/12/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3665
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5