IE 6.0 Security Zone Bypass Leading to Remote Code Execution via File Protocol Flood

Vulnerability Overview Affected System: Internet Explorer 6.0.2800 (6.x?) Remote Exploitable: Yes Title: Response to Security Zone Flooding Condition for Internet Explorer 6.0.2800 (6.x?)! [CRITICAL] Date: 2003-05-08 9:05:38 Vulnerability Description A VB script was discovered that creates a large number of frames and executes numerous requests. These scripts can be identified by AVP as . This finding is related to research on delivering passive Trojan executable files via Outlook and Internet Explorer. Vulnerability Details In test environments, it was found that the security zone protection in Internet Explorer can be bypassed by making numerous requests, such as targeting an infected file server. After bypassing, any requested file will be executed, for example, located on other Win2K workstations within the LAN. Exploitation Conditions In IE 6.0, over 200 dialog boxes with requests can lead to the target file being executed. In IE 6.0, opening a file named containing requests will result in the execution of the application. Exploitation Method Renaming HTML files with a extension increases the scale of exploitation. Attackers may exploit this without users suspecting the security risk of files, easily executing malicious programs by constructing numerous file requests. Mitigation Wait for an official patch to be released. Use non-IE browsers such as Opera, which may not be affected. Set security zone settings to "High". Malicious VB scripts have been identified by antivirus software such as AVP. Notes Exercise caution with the activity password information sent with the file and the attachment named .

Goal Reached Thanks to every supporter — we hit 100%!

IE 6.0 Security Zone Bypass Leading to Remote Code Execution via File Protocol Flood