LowProventia Desktop, Proventia Network IPS, RealSecure Network, RealSecure Server Sensor, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:
This signature detects an attack against Internet Explorer that causes a cached malicious script to execute with localhost internet zone priviledges. This may permit an attacker to read any files on the local system.
Low
Proventia Desktop: 2400, Proventia Network IPS: XPU 29.060, RealSecure Network: XPU 29.060, RealSecure Server Sensor: XPU 29.060, Proventia Network MFS: XPU 29.060, Proventia-G 1.1 and earlier: XPU 29.060, Proventia Network IDS: XPU 29.060, IBM Security Server Protection for Windows: 2.0.300.2400, IBM Security Server Protection for Windows: 1.0.914.2400, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Server IPS for Linux technology: 29.060, Virtual Server Protection for Vmware: 1.0
Microsoft Internet Explorer: 6.0, Microsoft Internet Explorer: 6.0 SP1, Microsoft Windows 2000: SP4, Microsoft Windows XP: SP2, Microsoft Internet Explorer: 7.0, Microsoft Windows Vista, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Windows Vista: SP1, Microsoft Windows Vista: SP1 x64, Microsoft Internet Explorer: 5.0.1 SP4, Microsoft Windows Server 2008: Itanium, Microsoft Windows Server 2008: x32, Microsoft Windows Server 2008: x64, Microsoft Windows XP: SP3, Microsoft Windows Vista: SP2 x64, Microsoft Windows Vista: SP2, Microsoft Windows Server 2008: SP2 x32, Microsoft Windows Server 2008: SP2 x64, Microsoft Windows Server 2008: SP2 Itanium
Unauthorized Access Attempt
Microsoft Internet Explorer could allow a remote attacker to bypass cross-domain security restrictions, caused by an error when rendering cached content. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to bypass cross-domain security restrictions and view content from the local computer or another browser window in another domain or Internet Explorer zone.
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS09-019. See References.
Microsoft Security Bulletin MS09-019
Cumulative Security Update for Internet Explorer (969897)
http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx
NORTEL BULLETIN ID: 2009009559, Rev 1
Nortel Response to Microsoft Security Bulletin MS09-019
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=932811&poid=
ISS X-Force
Microsoft Internet Explorer cached data cross-domain security bypass
http://www.iss.net/security_center/static/50769.php
CVE
CVE-2009-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1140