Check Point Advisories

Internet Explorer Drag and Drop Code Execution (CVE-2005-0053)

Vulnerability
Protection

Check Point Reference:	CPAI-2004-193
Date Published:	11 Mar 2010
Severity:	High
Last Updated:	Thursday 11 March, 2010
Source:
Industry Reference:	CVE-2005-0053
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	Microsoft Internet Explorer provides a number of ways to represent remote or local content. One of its more powerful features is the Web folder view. The Web folder provides easy access to files located on a web server. A vulnerability exists in the Microsoft Internet Explorer security restriction of local resources. When a local resource is specified as a folder property for a web folder anchor, Internet Explorer allows dropping certain types (image and text) of files from a remote source into the local folder without warning the user. An attacker can save arbitrary code to the local file system of a target by embedding the code in a legitimate file and enticing user to drag-and-drop the file into a local resource folder.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the Internet Explorer Drag and Drop Code Execution protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Web Client Enforcement Violation.
Attack Information: Microsoft Internet Explorer drag and drop code execution