Published:2005/07/12  Last Updated:2008/05/21

Vulnerability involving security zone handling in applications using Internet Explorer components


Internet Explorer (IE) components apply different security levels for web content processing depending on the location (zone) of the web content.
As a result, web content on the Internet is processed in the "Internet" zone with a higher security level than that set for web content in the "Intranet" zone.
However, we have confirmed that some applications using IE components may process web content in an inappropriate zone.

Products Affected

  • Products displaying web contents by using IE components (including IE itself)



Arbitrary code could be executed in a zone with a low security level on a user's computer. This may allow a remote attacker to take complete control of the user's computer.


Vendor Status

Vendor Status Last Update Vendor Notes
FUJITSU LIMITED Vulnerable 2005/10/28
NIPPONHYOJUN Co.Ltd. Vulnerable 2005/07/12
JustSystems Corporation Vulnerable 2005/07/12
Fuji Electric Systems Co.,Ltd. Not Vulnerable 2005/07/12
YMIRLINK Inc. Vulnerable 2005/07/12
manax Co., LTD. Vulnerable 2005/07/12
Hitachi Vulnerable 2006/02/07
NEC Corporation Not Vulnerable, investigating 2005/07/12
Cybozu, Inc. Not Vulnerable 2005/07/12
Mitsubishi Electric Corporation Unknown 2005/07/12
Yamaha Corporation Not Vulnerable 2005/10/14
RICOH COMPANY, LTD. Not Vulnerable 2006/03/10
Orangesoft Inc. Not Vulnerable 2005/09/05


  1. Microsoft Co.,Ltd.
  2. Microsoft Co.,Ltd.
  3. Microsoft Co.,Ltd.
    Introduction to URL Security Zones
  4. Microsoft Co.,Ltd.
    Mark of the Web

JPCERT/CC Addendum


Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
JVN iPedia JVNDB-2005-000775

Update History