Check Point Reference: | CPAI-2005-199 |
Date Published: | 6 Dec 2009 |
Severity: | High |
Last Updated: | Sunday 06 December, 2009 |
Source: | |
Industry Reference: | CVE-2005-0056 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | |
Vulnerability Description | Microsoft Internet Explorer employs the concept of security zones, which enables the browser to apply different security policies based on the origin of the content that is being rendered. For instance, separate restrictions may be set for remote content and for local content. As a rule, Internet Explorer will apply the Internet zone security policies to all content which originates from a remote location. These same Internet zone restrictions also apply to any local content that may be referenced by remote code in any way. Any HTML code or other script that is executed locally, has the Local Machine zone security policies applied to it. The security restrictions in this particular zone are minimal by default. There exists a vulnerability in the security restriction implementation of Microsoft Internet Explorer. A specially crafted Channel Definition Format (CDF) file can allow remote code execution in the Local Machine security zone. A successful exploitation will cause a message dialogue box to pop up, asking the user for acknowledgement. When the target user agrees to the prompted operation, the malicious action will take place. The result of a successful exploit may be code execution with the privileges of the currently logged in user, web site spoofing or cookie theft. |
This protection will detect and block attempts to exploit this vulnerability
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Web Client Enforcement Violation.
Attack Information: Microsoft Internet Explorer CDF cross domain scripting (MS05-014)