Title: Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution Vulnerability
Severity: HIGH
Description:
Microsoft Internet Explorer is affected by a remote code execution vulnerability. The issue arises because the application fails to properly handle exceptional conditions.
The vulnerability presents itself when the browser processes a JavaScript 'onLoad' handler in combination with an improperly initialized 'Window()' JavaScript function.
Internet Explorer fails to properly initialize the JavaScript 'Window()' function. When the 'onLoad' handler is set to call the improperly initialized 'Window()' function, the Web browser attempts to call the address 0x006F005B, which is derived from the Unicode representation of 'OBJECT'.
It has been shown that attackers can use JavaScript prompt boxes to fill the memory region at 0x00600000 with attacker-supplied data, allowing executable machine code to be placed into the required address space.
An attacker may exploit this issue by enticing a user to visit a malicious site, resulting in remote code execution; failed exploitation attempts result in a denial of service condition in the application.
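A content filter or proxy can look for the condition described above. The following JavaScript is an added example, not part of this advisory or of any vendor signature: it flags 'onload' attributes whose handler calls window() directly. The function and sample names are hypothetical, the sample markup is constructed, and matching the identifier case-insensitively is an assumption.

```javascript
// Added example (not from the advisory): heuristic scan for an onload
// attribute that calls window() as a function. All names are hypothetical.

// Decode numeric and a few named character references used to disguise values.
function decodeEntities(s) {
  const cp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : "\ufffd");
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)))
    .replace(/&quot;/gi, '"')
    .replace(/&amp;/gi, "&");
}

// Tag name, then an onload attribute in double-quoted, single-quoted or bare form.
const ONLOAD_ATTR =
  /<\s*([a-z][a-z0-9]*)\b[^>]*?\bonload\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// A bare call: "window(" not reached through a property or a longer identifier.
const BARE_WINDOW_CALL = /(^|[^\w$.])window\s*\(/i;

function findSuspiciousOnload(html) {
  const findings = [];
  for (const m of html.matchAll(ONLOAD_ATTR)) {
    const raw = m[2] ?? m[3] ?? m[4] ?? "";
    // Normalise: decode references, drop block comments and a javascript: prefix.
    const handler = decodeEntities(raw)
      .replace(/\/\*[\s\S]*?\*\//g, "")
      .replace(/^\s*javascript\s*:/i, "");
    if (BARE_WINDOW_CALL.test(handler)) {
      findings.push({ tag: m[1].toLowerCase(), handler: handler.trim() });
    }
  }
  return findings;
}

// Constructed sample markup, for illustration only.
const SAMPLES = {
  plain: '<body onload="window()">',
  encoded: "<BODY class=x OnLoad='&#119;indow /* */ ( );'>",
  unquoted: "<body onload=window()>",
  benignMethod: '<body onload="init(); window.focus()">',
  benignName: "<img src=a.png onload=openWindow()>",
};
```

The check covers only handlers written as HTML attributes; a handler assigned from script would need a JavaScript-aware parser.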
Affected Products:
- Avaya DefinityOne Media Servers
- Avaya DefinityOne Media Servers R10
- Avaya DefinityOne Media Servers R11
- Avaya DefinityOne Media Servers R12
- Avaya DefinityOne Media Servers R6
- Avaya DefinityOne Media Servers R7
- Avaya DefinityOne Media Servers R8
- Avaya DefinityOne Media Servers R9
- Avaya IP600 Media Servers
- Avaya IP600 Media Servers R10
- Avaya IP600 Media Servers R11
- Avaya IP600 Media Servers R12
- Avaya IP600 Media Servers R6
- Avaya IP600 Media Servers R7
- Avaya IP600 Media Servers R8
- Avaya IP600 Media Servers R9
- Avaya Modular Messaging (MAS)
- Avaya S8100 Media Servers
- Avaya S8100 Media Servers R10
- Avaya S8100 Media Servers R11
- Avaya S8100 Media Servers R12
- Avaya S8100 Media Servers R6
- Avaya S8100 Media Servers R7
- Avaya S8100 Media Servers R8
- Avaya S8100 Media Servers R9
- Avaya Unified Communications Center S3400
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.0.1 SP4
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Microsoft Internet Explorer 6.0 SP2 - do not use
- Microsoft Windows ME
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
References:
- Avaya: ASA-2005-234 - Windows Security Updates for December 2005 (MS05-054 MS05-055)
- Microsoft: Microsoft Security Advisory (911302)
- Microsoft: Microsoft Security Bulletin MS05-054
- Microsoft: Technet Security