MS.IE.url.dll.Telnet.Handler.Insecure.EXE.Loading
Description
This indicates a remote Code Execution vulnerability in the url.dll component of Microsoft Internet Explorer.
The vulnerability is caused by an error when the vulnerable software handles a telnet URI. It allows a remote attacker to execute arbitrary code via enticing a target user to open a crafted webpage from a "WebDAV" or "SMB" share.
Affected Products
Products directly affected by the vulnerability:
+ Microsoft Internet Explorer 6
+ Microsoft Internet Explorer 7
+ Microsoft Internet Explorer 8
+ Microsoft Internet Explorer 9
+ Apple Safari 5.1 and prior
+ Mozilla Firefox 5.0.1 and Prior
Products embedding the vulnerable module:
+ Microsoft Windows XP
+ Microsoft Windows Vista
+ Microsoft Windows 7
+ Microsoft Windows Server 2003
+ Microsoft Windows Server 2008
+ Microsoft Windows Server 2008 R2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the latest update from the vendor.
http://support.microsoft.com/kb/2559049
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-06-15 | 18.098 | Sig Added |