HTTP MS IE FTP Proto Hndlr Loc File Disc

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects attempts to exploit a local FTP protocol-based file disclosure vulnerability in Microsoft Internet Explorer.

Additional Information

Microsoft Internet Explorer contains a weakness that may allow remote attackers to disclose directory contents on the local system. This issue may be combined with other vulnerabilities to disclose sensitive information or reference previously placed malicious files on the system.

It is reported that this issue may be triggered by employing the 'SRC' attribute of an IFRAME. An attacker can use the 'ftp://' handler with '../' character sequences through the 'SRC' attribute to potentially disclose sensitive files. It should be noted that an attacker must be able to reference properties of the IFRAME remotely to carry out this attack. This may be accomplished by exploiting a zone bypass type of vulnerability.

Another attack scenario could involve an attacker placing a malicious file on a vulnerable system and then using this technique to determine the location of the file. This also requires the attacker to exploit some other vulnerability, or to entice a user into downloading a malicious file, before using this weakness to reference the local file.
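The pattern described above (an IFRAME whose 'SRC' uses the 'ftp://' handler together with '../' sequences) can be checked for in HTTP response bodies. The following is an added example, not Symantec's signature logic; the function names, the percent-decoding step, and the sample page with its placeholder hosts are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# "../" or "..\" as a whole path segment (checked after percent-decoding).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

# Constructed sample page; hosts are placeholders.
SAMPLE_HTML = """
<iframe src="http://www.example.com/page.html"></iframe>
<iframe src="ftp://ftp.example.com/pub/readme.txt"></iframe>
<IFRAME SRC="ftp://host.example/../../"></IFRAME>
<iframe src="FTP://host.example/%2e%2e%2f%2e%2e%2f"></iframe>
"""


class IframeSrcCollector(HTMLParser):
    """Collects the SRC attribute of every IFRAME tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag/attribute names and unescapes entities.
        if tag == "iframe":
            self.sources += [v.strip() for k, v in attrs if k == "src" and v]


def decode(value, rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and %252e%252e%252f normalise."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def find_ftp_traversal_iframes(html):
    """Return IFRAME SRC values that combine ftp:// with ../ sequences."""
    collector = IframeSrcCollector()
    collector.feed(html)
    collector.close()
    hits = []
    for src in collector.sources:
        try:
            parts = urlsplit(src)  # scheme is returned lower-cased
        except ValueError:  # malformed URL, nothing to classify
            continue
        if parts.scheme == "ftp" and TRAVERSAL.search(decode(parts.path)):
            hits.append(src)
    return hits
```

An ordinary 'ftp://' IFRAME without traversal sequences is not reported, which keeps legitimate FTP embeds from raising alerts.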

Affected

  • Microsoft Internet Explorer 6.0, 6.0 SP1

Response

Upgrade to the latest version of Microsoft Internet Explorer.
