HTTP: Microsoft Internet Explorer CSS Processor Code Execution
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. Attackers can cause arbitrary code to be executed within the context of the current user.
Extended Description
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the vulnerable application. This issue affects Internet Explorer 5.01 SP4 running on Microsoft Windows 2000 SP4.
Affected Products
Avaya messaging_application_server,Avaya customer_interaction_express_(cie)_user_interface
Short Name
HTTP:STC:IE:CSS-HEAP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CSS CVE-2007-0943 Code Execution Explorer Internet Microsoft Processor bid:25288
Release Date
08/14/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Hp
Avaya
CVSS Score
6.8