1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP IE Unsafe Scripting Misconfiguration

HTTP IE Unsafe Scripting Misconfiguration

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature will detect attempts to exploit Unsafe Scripting Misconfiguration Flaw in internet explorer.

Additional Information

This exploit takes advantage of the "Initialize and script ActiveX controls not marked safe for scripting" setting within Internet Explorer. When this option is set, IE allows access to the WScript.Shell ActiveX control, which allows javascript to interact with the file system and run commands. This security flaw is not uncommon in corporate environments for the 'Intranet' or 'Trusted Site' zones.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube