Intrusion PreventionMS.IE.url.dll.Telnet.Handler.Insecure.EXE.Loading
Description
This indicates a remote Code Execution vulnerability in the url.dll component of Microsoft Internet Explorer.
The vulnerability is caused by an error when the vulnerable software handles a telnet URI. It allows a remote attacker to execute arbitrary code via enticing a target user to open a crafted webpage from a "WebDAV" or "SMB" share.
Affected Products
Products directly affected by the vulnerability:
+ Microsoft Internet Explorer 6
+ Microsoft Internet Explorer 7
+ Microsoft Internet Explorer 8
+ Microsoft Internet Explorer 9
+ Apple Safari 5.1 and prior
+ Mozilla Firefox 5.0.1 and Prior
Products embedding the vulnerable module:
+ Microsoft Windows XP
+ Microsoft Windows Vista
+ Microsoft Windows 7
+ Microsoft Windows Server 2003
+ Microsoft Windows Server 2008
+ Microsoft Windows Server 2008 R2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the latest update from the vendor.
http://support.microsoft.com/kb/2559049
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2021-06-15 | 18.098 | Sig Added |
| ID | 28886 |
| Created | Sep 07, 2011 |
| Updated | May 04, 2022 |
| Risk |
|
| CVE ID | CVE-2011-1961 |
| Exploit Prediction Score | 96.46% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | IE |