Intrusion PreventionMS.IE.ShowHelp.Arbitrary.Command.Execution
Description
It indicates a possible exploit of "ShowHelp Arbitrary Command Execution vulnerability" in Microsoft Internet Explorer.
A vulnerability is reported in the showhelp() function of Internet explorer that may allow a remote attacker to execute arbitrary code on local computer zone with current user permission. An attacker can exploit this vulnerability to copy malicious code to the local system from internet zone. showhelp() function allows to access help content contained in the HTML page and also can do other actions using pluggable protocols. Cross domain Security restriction can be bypassed while calling showhlep() function so that by crafting malicious web pages it is possible to access information of other domains Or execute arbitrary code on the local system with current user permission.
Affected Products
Microsoft Internet Explorer 6.0 SP1 and earlier versions.
Impact
Compromise of the affected system.
Recommended Actions
Apply security patch to the system as given in the Microsoft Security Bulletin MS03-004.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 10043 |
| Created | Jun 08, 2005 |
| Updated | Jan 13, 2022 |
| Risk |
|
| CVE ID | CVE-2003-1328 |
| Exploit Prediction Score | 9.22% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | IE |