HTTP: Microsoft Internet Explorer Nested Object Tags
This signature detects the download of nested Object tags in an HTML document. These tags can cause Internet Explorer to crash.
Extended Description
Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This issue is due to a flaw in the application in handling nested OBJECT tags in HTML content. An attacker could exploit this issue via a malicious web page to potentially execute arbitrary code in the context of the currently logged-in user, but this has not been confirmed. Exploit attempts likely result in crashing the affected application. Attackers could exploit this issue through HTML email/newsgroup postings or through other applications that employ the affected component. Microsoft Internet Explorer 6 for Microsoft Windows XP SP2 is reportedly vulnerable to this issue; other versions may also be affected.
References
BugTraq: 17658
CVE: CVE-2006-1992
URL: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0615.html
Short Name
HTTP:STC:IE:NESTED-OBJECT-TAG
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2006-1992 Explorer Internet Microsoft Nested Object Tags bid:17658
Release Date
04/27/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
CVSS Score
2.6