Check Point Advisories

Microsoft Windows Shell MSHTA Script Execution in OLE Files (MS05-016) - Ver2 (CVE-2005-0063)

Check Point Reference: CPAI-2014-1287
Date Published: 31 Mar 2014
Severity: High
Last Updated: Monday 31 March, 2014
Source: CVE-2005-0063
Industry Reference: CVE-2005-0063
Protection Provided by:

Security Gateway
R77, R76, R75

Who is Vulnerable?
Vulnerability Description

The Windows operating system provides facilities that invoke different applications to handle different types of files. A user can, for instance, double-click a file of a known image type and thereby launch the proper application to display or edit it. A vulnerability exists in the way that the Microsoft Windows Shell component handles application associations. By persuading a user to open a malicious file with an unregistered file extension, an attacker can cause the HTML Application Host on the target system to be activated and evaluate the embedded script. This vulnerability can allow an attacker to execute code in the security context of the currently logged-in user.

When an attack attempts to inject and execute arbitrary code on the target machine, the user may observe a window that opens and then quickly closes automatically, as a result of the HTML Application Host component having been invoked. The behaviour of the target system after a successful attack depends on the intention of the malicious code.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update.

For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.

Security Gateway R77 / R76 / R75 / R71 / R70

  1. In the IPS tab, click Protections and find the Microsoft Windows Shell MSHTA Script Execution in OLE Files (MS05-016) - Ver2 protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

SmartView Tracker will log the following entries:

Attack Name:  POP3.
Attack Information:  Microsoft Windows Shell MSHTA Script Execution in OLE Files (MS05-016) - Ver2
