Intrusion Prevention

MS.IE.url.dll.Telnet.Handler.Insecure.EXE.Loading

Description

This indicates a remote Code Execution vulnerability in the url.dll component of Microsoft Internet Explorer.
The vulnerability is caused by an error when the vulnerable software handles a telnet URI. It allows a remote attacker to execute arbitrary code via enticing a target user to open a crafted webpage from a "WebDAV" or "SMB" share.

Affected Products

Products directly affected by the vulnerability:
+ Microsoft Internet Explorer 6
+ Microsoft Internet Explorer 7
+ Microsoft Internet Explorer 8
+ Microsoft Internet Explorer 9
+ Apple Safari 5.1 and prior
+ Mozilla Firefox 5.0.1 and Prior
Products embedding the vulnerable module:
+ Microsoft Windows XP
+ Microsoft Windows Vista
+ Microsoft Windows 7
+ Microsoft Windows Server 2003
+ Microsoft Windows Server 2008
+ Microsoft Windows Server 2008 R2

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest update from the vendor.
http://support.microsoft.com/kb/2559049

CVE References

CVE-2011-1961