virus logo Intrusion Prevention

HTA.File.Powershell.Remote.Code.Execution

description-logoDescription

This indicates an attempt to exploit a remote Code Execution vulnerability in a HTA file.
The vulnerability is due to insufficient sanitizing of user supplied file while handling maliciously crafted HTA file. A remote attacker can exploit this to execute remote code on the target server via a crafted HTA file.

affected-products-logoAffected Products

Powershell x86
Powershell x64

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 43275
Created Oct 20, 2016
Updated Nov 14, 2016
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Windows
Affected App Other