1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS IE CHM Cross-Domain Redirect

HTTP MS IE CHM Cross-Domain Redirect

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects any attempts to exploit a cross-domain vulnerability in IE.

Additional Information

There is a cross-domain vulnerability in the way IE determines the security zone of a browser frame that is opened in one domain then redirected by a web server to a different one. A complex set of conditions is involved, including a delayed HTTP response (3xx status code) to change the content of the frame to the new domain.

NOTE: Other programs that host the WebBrowser ActiveX control or use the MSHTML rendering engine, such as Outlook and Outlook Express, may also be affected.

Affected

  • Microsoft Internet Explorer 6.0 SP1

Response

1. Disable Active scripting and ActiveX
2. Apply the Outlook Email Security Update:

For Outlook 98
Outlook 98 Update: E-mail Security

For Outlook 2000:
Office 2000 Update: Service Pack 3 (SP3)
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube