Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Internet Explorer File Download Dialog Box Manipulation (MS05-054)

Subscribe

Check Point Reference: CPAI-2005-355
Date Published:
Severity:
Last Updated:
Source: Secunia Advisory: SA15368
Industry Reference(s): CVE-2005-2829
Protection Provided by: Security Gateway
  • R75
Who is Vulnerable?
Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Vulnerability Description
Microsoft Internet Explorer (IE) is a web browser application capable of downloading and displaying various Internet resources. With IE, a user can download files from network servers using various protocols such as HTTP and FTP. IE can parse and display HTML pages and image files by itself. For other types of files that IE cannot process directly, a File Download dialogue box is displayed to the user.
Vulnerability Details
There exists a dialogue box manipulation vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a design flaw that lets an attacker manipulate the File Download dialogue box. The exploitation of this vulnerability requires user interaction and may result in attacker-supplied code to be executed within the security context of the currently logged in user.
In an successful attack exploiting this vulnerability, the target user is tricked to run a malicious file supplied by the attacker. The behaviour of the system is dependent on the nature the supplied executable file. Any code execution will be in the security context of the current logged in user. Note that a noticeable behaviour in such attacks on the target is opening of a download dialogue box waiting to get the focus.

Protection Overview
This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > IPS Software Blade > Web Intelligence > HTTP Client Protections > Microsoft Internet Explorer Vulnerabilities .
2. In the right pane, double-click the Internet Explorer File Download Dialog Box Manipulation (MS05-054) protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer file download dialog box manipulation (MS05-054)