[Snort-sigs] Write up for 4148

James Affeld jamesaffeld at ...144...
Tue May 16 13:42:50 EDT 2006


Rule:  WEB-CLIENT DHTML Editing ActiveX Object Access

--
Sid:4148

--
Summary: Hostile web sites can upload arbitrary files
from hosts using unpatched IE 5 browsers

--
Impact: disclosure of arbitrary files, potentially
including password caches.  If combined with another
attack allowing file search for strings characteristic
of credit card numbers, this could be very bad.  

--
Detailed Information: An ActiveX object intended to
provide for WYSIWYG editing on web forms and the like
has a flaw which allows a hostile web site to upload
arbitrary files from a browsing computer if that
computer is using unpatched Internet Explorer 5

--
Affected Systems:
Unpatched IE 5
--
Attack Scenarios:

--
Ease of Attack:
Simple.
--
False Positives:
Many sites use this feature legitimately for WYSIWYG
editing on web forms.  www.blackboard.com is one.  
--
False Negatives:

--
Corrective Action:
Patch all systems using IE 5.
--
Contributors:
Information summarized from rule references, no
original/new data supplied, apart from FP source.  
-- 
Additional References:

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 




More information about the Snort-sigs mailing list