HTTP: Internet Explorer showHelp() Arbitrary Program Execution
This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer (IE) Help files. Attackers can call the ShowHelp() JavaScript function in the compiled HTML Help file, which contains a shortcut file that can execute arbitrary programs on the local host.
Extended Description
Microsoft Windows is prone to a security flaw in the implementation of the showHelp() function. Microsoft previously released patches that provide security measures to prevent abuse of the showHelp() method to reference local compiled help files (.CHM) from within a web page. This initial problem was described in BID 6780/MS03-004. However, using directory traversal sequences and special syntax when referring to the CHM file, it is possible to bypass this restriction. This could be exploited in combination with other known vulnerabilities to install and execute malicious code on a client system. ** UPDATE: This issue was initially believed to affect Microsoft Internet Explorer but is actually an operating system issue. Microsoft Internet Explorer, Outlook, and Outlook Express may all present attack vectors for this security flaw.
Affected Products
Microsoft windows_nt_terminal_server
References
BugTraq: 9320
CVE: CVE-2003-1041
URL: http://www.securityfocus.com/archive/1/348521 http://www.kb.cert.org/vuls/id/187196
Short Name
HTTP:STC:IE:SHOWHELP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary CVE-2003-1041 Execution Explorer Internet Program bid:9320 showHelp()
Release Date
07/01/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5