Microsoft IE Custom HTTP Errors Script Injection

2003-06-17T00:00:00
ID OSVDB:3066
Type osvdb
Reporter OSVDB
Modified 2003-06-17T00:00:00

Description

Vulnerability Description

Microsoft Internet Explorer contains a flaw that allows a remote attacker to execute arbitrary script code on a vulnerable system. The issue is due to poor input validation for custom errors generated by IE when an error page is displayed. The error page includes the requested URL which can be injected with arbitrary script that will run on the victim computer in the context of the "My Computer" security zone.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Users can manually disable Active scripting for the "My Computer" security zone. Using "regedit", find the following registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

Change the setting in the value "1400" (Active scripting) from "0" (enabled) to "3" (disabled).

Short Description

Microsoft Internet Explorer contains a flaw that allows a remote attacker to execute arbitrary script code on a vulnerable system. The issue is due to poor input validation for custom errors generated by IE when an error page is displayed. The error page includes the requested URL which can be injected with arbitrary script that will run on the victim computer in the context of the "My Computer" security zone.

Manual Testing Notes

res://shdoclc.dll/HTTP_501.htm#javascript:%2f://%2falert(location.href)/

References:

Security Tracker: 1007007 Secunia Advisory ID:9056 ISS X-Force ID: 12336 Generic Informational URL: http://sec.greymagic.com/adv/gm014-ie/ CVE-2003-0447 Bugtraq ID: 7939