HTTP: Microsoft Internet Explorer Popup Window Zone Bypass
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.
Extended Description
Internet Explorer does not properly handle object types, when rendering malicious popup windows. This may result in the possibility of the execution of malicious software. The problem occurs when Internet Explorer receives a response from the server when a malicious popup window containing an object tag is parsed. Proper parameter checks of the type of file being loaded are not performed on the object type contained within HTTP response received from the web server.
Affected Products
Microsoft internet_explorer
Short Name
HTTP:STC:IE:ZONE-BYPASS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Bypass CVE-2003-0838 Explorer Internet Microsoft Popup Window Zone bid:8556
Release Date
05/15/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5