|
2002546 : Microsoft Internet Explorer 3.0 allows remote command execution |
|
High RiskQuick Links
- Event Description
- Products that have this security check
- Affected platforms
- How to remove this vulnerability
- References
- Information about this document
Event description
Microsoft Internet Explorer could allow an attacker to execute arbitrary commands on the system. By creating a malicious Web site, an attacker can execute commands on another user's computer or even create a login on the visiting client's computer.
Products that have this security check
- BlackICE Agent for Server
- BlackICE PC Protection
- BlackICE Server Protection
- IBM Security Server Protection for Windows
- Proventia Desktop
- Proventia Network IDS
- Proventia Network IPS
- Proventia Network MFS
- Proventia Server IPS for Linux technology
- RealSecure Desktop
- RealSecure Desktop Protector
- RealSecure Desktop Protector 3.6
- RealSecure Guard
- RealSecure Network
- RealSecure Sentry
- RealSecure Server Sensor
- Virtual Server Protection for Vmware
| HTTP_FileTypeLnk | |
This signature detects an attempt to access a .lnk file ('/*/*.lnk'). Under some circumstances, an attacker could use such a file to gain access to privileged information on the client system. This signature replaces HTTP_IE3_URL. | |
| False Positive: | A valid URI may happen to contain the exploit. |
Affected platforms
- Microsoft Internet Explorer 2.0Microsoft Internet Explorer 3.0.1Microsoft Windows
How to remove this vulnerability
Upgrade to the latest version of Internet Explorer (3.02 or later), available from the Microsoft Web site. See References.
References
Security Bugware Web site
Internet Explorer #2
http://focus.silversand.net/vulner/allbug/ie2.html
Security Bugware Web site
Internet Explorer #1
http://focus.silversand.net/vulner/allbug/ie.html
Microsoft Corporation Web site
Internet Explorer Home Page
http://www.microsoft.com/windows/ie/
Common Vulnerabilities and Exposures
Remote command execution in Microsoft Internet Explorer using .lnk and .url files.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0280
BugTraq
Microsoft Internet Explorer 3.01 Remote .lnk/.url Vulnerability
http://www.securityfocus.com/bid/2081
Information about this document
The information contained in this document may change without notice, and may have been altered or changed if you have received it from a source other than Internet Security Systems. Use of this information constitutes acceptance for use in an "AS IS" condition, without warranties of any kind, and any use of this information is at the user's own risk. Internet Security Systems disclaims all warranties, either expressed or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Internet Security Systems be liable for any damages whatsoever, including direct, indirect, incidental, consequential or special damages, arising from the use or dissemination hereof, even if Internet Security Systems has been advised of the possibility of such damages.
Copyright © 1997 – 2012 IBM Internet Security Systems. All rights reserved.
This page was created on Thu Feb 9 01:04:26 2012