Intrusion Prevention

MS.IE.Sysimage.Protocol.Handler.Local.File.Detection

Description

This indicates a possible exploit of an information disclosure vulnerability in Internet Explorer.


The "sysimage:" URI handler is used for referencing embedded icons in executable files. A vulnerability has been reported in Internet Explorer that may allow an attacker to obtain sensitive information from a web client by planting a malicious website. It is due to Internet Explorer's failure to sanitize data received from a server. To exploit it, an attacker may plant a malicious web page that references the sysimage: URI handler in an image tag and contains the onError and onLoad events. Once the malicious web page is visited, a remote attacker could determine the existence of a file on the system.
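
The pattern described above can be checked for in captured or proxied HTML. The following is an added example, not the logic of this IPS signature: the function and class names are hypothetical, the sample page is constructed, and PLACEHOLDER_PATH stands in for a real file reference.

```python
from html.parser import HTMLParser

SCHEME = "sysimage:"            # URI handler named in the description above
EVENTS = {"onload", "onerror"}  # events the description says the page relies on


class SysimageProbeFinder(HTMLParser):
    """Collect <img> tags that load a sysimage: URI and hook onLoad/onError."""

    def __init__(self):
        # convert_charrefs=True decodes entities such as &#58; in text;
        # attribute values are always entity-decoded by the parser.
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag != "img":
            return
        attrs = {name: (value or "") for name, value in attrs}
        # Drop whitespace/control characters and fold case before comparing,
        # so " SysImage:" and tab-split variants still match.
        src = "".join(ch for ch in attrs.get("src", "") if ch > " ").lower()
        if not src.startswith(SCHEME):
            return
        hooked = sorted(EVENTS & attrs.keys())
        if hooked:
            line, _ = self.getpos()  # line where the tag starts
            self.findings.append({"line": line, "src": src, "events": hooked})


def find_sysimage_probes(html_text):
    """Return one finding per <img> that matches the described pattern."""
    finder = SysimageProbeFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample page; PLACEHOLDER_PATH is not a real file reference.
SAMPLE_PAGE = """<html><body>
<img src="logo.png" onload="init()">
<IMG SRC="SysImage://PLACEHOLDER_PATH" onLoad="a()" onError="b()">
<img src=" sysimage&#58;//PLACEHOLDER_PATH" onerror="b()">
<img src="sysimage://PLACEHOLDER_PATH">
</body></html>"""

if __name__ == "__main__":
    for finding in find_sysimage_probes(SAMPLE_PAGE):
        print(finding)
```

The last tag in the sample is not reported because it carries neither event handler, which the description treats as part of the pattern.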


Affected Products

Microsoft Internet Explorer 6.0 SP1 and Microsoft Internet Explorer 6.0

Impact

Information disclosure for further attacks.

Recommended Actions

Apply the appropriate patch from the vendor, if available.