HTTP: Microsoft Internet Explorer Object Tag XML RCE
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.
Extended Description
Internet Explorer does not properly handle object types, when rendering XML based web sites. This may result in the possibility of the execution of malicious software. The problem occurs when Internet Explorer receives a response from the server when a malicious XML web page containing an embedded object tag is parsed. Successful exploitation of this vulnerability could allow a malicious object to be trusted and as such be installed and executed on the local system. The Mindwarper exploit is actually reported to exploit one of the issues in BID 8577, which has not been addressed by the patches provided in MS03-040.
Affected Products
Microsoft internet_explorer
Short Name
HTTP:STC:IE:OBJECT-TAG-XML
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2003-0809 Explorer Internet Microsoft Object RCE Tag XML bid:8565
Release Date
04/08/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5