| VID |
28603 |
| Severity |
20 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A user is found to have the Internet Explorer "Warn if forms submit is being redirected" option turned off.
The option "Warn if forms submit is being redirected" of Internet Explorer Security options controls whether it should warn the user when form data is redirected to another page. If this setting is enabled, an Internet Redirection dialog box appears when you are about to be redirected to a new Web site. If you choose to continue, any information you exchanged with the current Web site (such as your e-mail address) may be accessed by the new Web site, It can allow Confidential data to be submitted to a non-secure site. By enabling the appropriate settings, you can prevent the attacker from launching further attacks using Internet Explorer.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://hq.mcafeeasap.com/vulnerabilities/vuln_data/22000.asp
http://support.microsoft.com/?kbid=179611
* Platforms Affected:
Microsoft Internet Explorer Any version |
| Recommendation |
Set the Internet Explorer Option to the appropriate value by using the following steps:
For Internet Explorer 4:
1. Open Internet Explorer.
2. From the View menu, select Internet Options.
3. Click the "Advanced" tab and Scroll down to the "Security" section.
4. Check the box "Warn if forms submit is being redirected".
For Internet Explorer 5 - 10:
1. Open Internet Explorer.
2. From the Tools menu, select Internet Options.
3. Click the ¡°Advanced¡± tab and Scroll down to the "Security" section.
4. Check the box "Warn if forms submit is being redirected". |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
358 (ISS) |
|
