HTTP: Internet Explorer Install Engine Integer Overflow
This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer Install Engine. Attackers can create a malicious Web site that, when visited by a user, enables attackers to install and run software on a target machine with the user's privileges.
Extended Description
A remotely exploitable buffer overflow vulnerability exists in the Microsoft Internet Explorer Install Engine ActiveX control. This vulnerability is caused by insufficient bounds checking of arguments passed to the control leading to a heap overflow. The vulnerability may be exploited to execute arbitrary code in the context of the client user.
Affected Products
Avaya s8100_media_servers,Microsoft internet_explorer
Short Name
HTTP:STC:IE:INST-ENG-INT-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2004-0216 Engine Explorer Install Integer Internet Overflow bid:11366
Release Date
02/04/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
10.0