Security Best Practice: Protect Yourself from Microsoft Internet Explorer US-ASCII Charset Obfuscation Exploits
| Check Point Reference: | SBP-2010-09 | |
| Date Published: | ||
| Severity: | ||
| Source: | ISS X-Force Database: 27288 | |
| Industry Reference(s): | CVE-2006-3227 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Microsoft Internet Explorer 6 | ||
| Vulnerability Description Although various security products provide coverage against many web vulnerabilities, these known exploits could potentially bypass security products by using US-ASCII charset obfuscation techniques. Microsoft Internet Explorer contains a flaw related to the encoding Internet transmitted content into ASCII that may allow an attacker to bypass such security filters. |
||
|
Vulnerability Details The vulnerability is due to an interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox. This flaw might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. A remote attacker may exploit this issue by persuading a user to visit a specially crafted ASCII-encoded Web page, which could allow the attacker to bypass Web filtering applications and possibly execute arbitrary code on the affected system. |
Protection Overview
This protection will detect and block specially crafted ASCII-encoded Web pages.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.