HTTP: Internet Explorer Browser Zone Spoofing
This signature detects attempts to access potentially malicious Web sites. When using Microsoft Internet Explorer, a user can be tricked into visiting a malicious Web site that they believe is benign. Additional IE vulnerabilities can allow the malicious Web site to run scripts in the Local Computer zone, which bypasses security checks on the user's machine. In your logs for the event, the malicious Web site appears as the destination IP address.
Extended Description
Microsoft Internet Explorer may allow a malicious Web page to spoof the address bar of the browser. This could be used to lure Web users into a false sense of trust since a malicious or spoofed site may pose as a site that is trusted by the user. This could facilitate phishing attacks. It may also be possible to exploit this issue through HTML email.
Affected Products
Microsoft internet_explorer
Short Name
HTTP:STC:IE:ZONE-SPOOF-2
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Browser Explorer Internet Spoofing Zone bid:10579 bid:10943
Release Date
06/16/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft