HTTP: Internet Explorer Cross Site Scripting Via JPEG

This signature detects attempts to exploit a known vulnerability in Internet Explorer. Internet Explorer contains a MIME type handling error that enables a file with a JPEG extension to be executed as a script. Attackers can include a script within a .jpg file to perform cross-site scripting exploits.

Extended Description

An HTML parser feature included in Internet Explorer could allow malicious script, included in an HTML file that is saved as another file type, to execute when the file is opened. For example, if a file has a .gif, .txt, or .jpg file extension and contains HTML tags along with arbitrary script, IE detects the content type and, instead of opening the file according to its extension, opens it as an HTML file, possibly allowing the arbitrary script to execute.
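A defensive check for the behaviour described above, as an added example that is not part of the original signature entry or the vendor's detection logic: it flags files whose image extension does not match their leading bytes, or whose leading bytes contain HTML markup. The 256-byte window, the marker list, the sample inputs and all names are assumptions.

```python
import re

# Magic bytes for the image extensions named in the description (.jpg, .gif).
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Assumption: only a leading window is inspected, as a content sniffer would do.
SNIFF_WINDOW = 256

# Assumed marker list: tags whose presence near the start of a file suggests
# a sniffing browser would render the body as HTML.
HTML_MARKERS = re.compile(
    rb"<\s*(?:html|head|body|script|iframe|title)\b|<!--",
    re.IGNORECASE,
)


def classify(filename: str, body: bytes) -> str:
    """Return 'ok', 'mismatch' or 'html-in-image' for an uploaded/served file."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magics = IMAGE_MAGIC.get(ext)
    if magics is None:
        return "ok"  # extension not covered by this check
    head = body[:SNIFF_WINDOW]
    if HTML_MARKERS.search(head):
        # Also catches a valid image header followed by markup.
        return "html-in-image"
    if not head.startswith(magics):
        return "mismatch"
    return "ok"


# Constructed sample inputs (not captured traffic).
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
HTML_AS_JPEG = b"<html><body><script>/* script body omitted */</script></body></html>"
TEXT_AS_JPEG = b"plain text, no markup"
HEADER_THEN_HTML = b"\xff\xd8\xff\xe0" + b"<ScRiPt>/* omitted */</script>"

if __name__ == "__main__":
    for name, data in [("photo.jpg", REAL_JPEG), ("avatar.jpg", HTML_AS_JPEG),
                       ("note.jpg", TEXT_AS_JPEG), ("mixed.jpg", HEADER_THEN_HTML)]:
        print(name, classify(name, data))
```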

Affected Products

Microsoft internet_explorer

Short Name
HTTP:STC:IMG:JPEG-SCRIPT
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2001-0712 Cross Explorer Internet JPEG Scripting Site Via bid:3116
Release Date
06/01/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Microsoft

CVSS Score

7.5
