HTTP: Microsoft Internet Explorer HTML Objects Memory Corruption (CVE-2009-1918)
This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due to the way Internet Explorer handles table operations in specific situations. An attacker can persuade the target user to open a malicious web page to exploit this vulnerability. In an attack scenario, where arbitrary code is injected and executed on the target system, the behaviour of the target is dependent on the intention of the malicious code. The injected code will be run with privileges of the currently logged on user. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.
Extended Description
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.
Affected Products
Nortel_networks self-service_speech_server,Microsoft internet_explorer
Short Name
HTTP:STC:IE:HTML-OBJ-MC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
(CVE-2009-1918) CVE-2009-1918 Corruption Explorer HTML Internet Memory Microsoft Objects bid:35826
Release Date
07/26/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3719
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
CVSS Score
10.0