HTTP: Microsoft Internet Explorer Uninitialized Memory Corruption (CVE-2010-0267)
This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due to the way that Internet Explorer handles certain type of mouse movement events. A remote attacker can exploit this by enticing a target user to open a maliciously crafted HTML document. In a successful code injection attack, the behavior of the target host is entirely dependent on the logic of the injected code and executes within the security context of the currently logged in user. In an unsuccessful attack, the application can terminate abnormally.
Extended Description
Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
Affected Products
Avaya messaging_application_server,Avaya meeting_exchange-webportal
Short Name
HTTP:STC:IE:MOUSE-MOVE-MEM
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
(CVE-2010-0267) CVE-2010-0267 Corruption Explorer Internet Memory Microsoft Uninitialized bid:39023
Release Date
10/20/2010
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Avaya
Microsoft
CVSS Score
9.3