Check Point Advisories

Internet Explorer CDF Cross Domain Scripting (MS05-014; CVE-2005-0056)

Check Point Reference: CPAI-2005-199
Date Published: 6 Dec 2009
Severity: High
Last Updated: Sunday 06 December, 2009
Source:
Industry Reference: CVE-2005-0056
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description

Microsoft Internet Explorer employs the concept of security zones, which enables the browser to apply different security policies based on the origin of the content that is being rendered. For instance, separate restrictions may be set for remote content and for local content. As a rule, Internet Explorer will apply the Internet zone security policies to all content which originates from a remote location. These same Internet zone restrictions also apply to any local content that may be referenced by remote code in any way. Any HTML code or other script that is executed locally has the Local Machine zone security policies applied to it. The security restrictions in this particular zone are minimal by default.

There exists a vulnerability in the security restriction implementation of Microsoft Internet Explorer. A specially crafted Channel Definition Format (CDF) file can allow remote code execution in the Local Machine security zone. Successful exploitation will cause a message dialog box to pop up, asking the user for acknowledgement. When the target user agrees to the prompted operation, the malicious action will take place. The result of a successful exploit may be code execution with the privileges of the currently logged-in user, web site spoofing or cookie theft.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Internet Explorer CDF Cross Domain Scripting (MS05-014) protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Client Enforcement Violation.
Attack Information:  Microsoft Internet Explorer CDF cross domain scripting (MS05-014)
