HTTP: Microsoft Internet Explorer DHTML Objects Memory Corruption
This signature detects attempts to exploit a known memory corruption vulnerability exists in Microsoft Internet Explorer. It is due to the way Internet Explorer handles switching of page location. Remote attackers can exploit this by persuading target users to visit a specially crafted Web page. A successful code injection attack allows the attacker to execute arbitrary code on the client system, in the context of the logged in user. The behavior of the target depends on the intention of the attacker. In an unsuccessful attack, Internet Explorer can terminate abnormally
Extended Description
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability because it fails to adequately handle user-supplied input to certain DHTML object methods. Attackers can exploit this issue to execute arbitrary code in the context of a user running the application. Successful attacks would compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.
Affected Products
Avaya messaging_application_server,Nortel_networks w-nms-cnm
Short Name
HTTP:STC:IE:DHTML-OBJ-CORRUPT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2007-5347 Corruption DHTML Explorer Internet Memory Microsoft Objects bid:26427
Release Date
10/20/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Nortel_networks
Hp
Avaya
Microsoft
CVSS Score
6.8