HTTP: Microsoft Internet Explorer Deleted Object Memory Corruption
This signature detects attempts to exploit a known vulnerability in Microsoft Explorer. An attacker can create a malicious Web site with Web pages containing reference to deleted objects, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that affects a 'timeChildren' object from the HTML+TIME web standard. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.
Affected Products
Nortel_networks self-service_speech_server,Nortel_networks multimedia_comm_mas
Short Name
HTTP:STC:IE:DEL-OBJ-REF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-1917 Corruption Deleted Explorer Internet Memory Microsoft Object bid:35831
Release Date
09/29/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
CVSS Score
9.3