HTTP IE Object Type Validation

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a vulnerability in Internet Explorer.

Additional Information

Internet Explorer does not properly handle certain HTTP responses, which can result in the execution of a local or loaded piece of software.
The problem occurs when Internet Explorer receives a response from the server while parsing a web page that contains an object tag.

Proper parameter checks of the type of file being loaded are not performed on the object type contained within the HTTP response received from the web server.
Successful exploitation of this vulnerability could allow a malicious object to be trusted and, as such, be installed and executed on the local system.

All code execution would occur in the security context of the current user.
It should be noted that an attacker may also be able to execute locally installed executables with command-line parameters.

It should also be noted that the execution of a malicious object could be triggered via any mechanism that uses Internet Explorer for parsing web content, including HTML e-mail.

Affected

  • Microsoft Internet Explorer 5.0.1, 5.0.1 SP1, 5.0.1 SP2, 5.0.1 SP3, 5.5, 5.5 SP1, 5.5 SP2, 6.0, 6.0 SP1

Response

Microsoft has posted patches for this issue. They can be found in the following bulletin:
Microsoft Security Bulletin MS03-032
Microsoft Internet Explorer does not properly evaluate object types:
Vulnerability Note VU#865940