Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Preemptive Protection against Web-Folders Behaviors Cross-Domain Vulnerability (MS05-038)

Attack ID: CPAI-2005-115
Publish Date:
Category: HTTP Methods
Vulnerable Systems: Microsoft Windows 2000 SP4
Microsoft Windows XP SP1
Microsoft Windows XP SP2
Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Source:

Microsoft Security Bulletin MS05-038
Description: A vulnerability exists in the way Internet Explorer handles certain URLs when using the HTTP extension WebDAV. An attacker could exploit this vulnerability by creating a malicious Web page and then persuading the user to visit this page. Successful exploitation can result in remote code execution.
Severity:
Details: The vulnerability is due to the process by which certain URLs are interpreted when browsing from a Web page to a Web folder view using WebDAV. URLs are not properly validated by the Internet Explorer cross-domain security model. This process is handled by the Web Folder Behaviors in Internet Explorer. Web Folder Behaviors, available in Microsoft Internet Explorer 5 and later versions, allow users to browse to a folder view, and include support for Distributed Authoring and Versioning (DAV) and Web Extender Client (WEC) protocols. WebDAV is a set of extensions to the HTTP protocol which allows users to collaboratively edit and manage files on remote web servers.  
Attack Detection: Users of VPN-1 NG with Application Intelligence R54 and later versions who have applied the solution outlined below will identify the attack by a log such as the following:

Attack Name: HTTP Methods
Information: reason: WSE0120001 blocked method : 'LOCK'
Solution: Users of VPN-1 NG with Application Intelligence R54 and later versions who have applied the solution outlined in CPAI-2005-41 are preemptively protected against this vulnerability. Please refer to the solution section of CPAI-2004-41 for configuration instructions on how to block WebDAV.
Industry Reference: CAN-2005-1989
Additional Information: