HTTP: Microsoft Internet Explorer HTML Rendering Memory Corruption
This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due to the way that Internet Explorer accesses an object that has been deleted. A remote attacker can exploit this by enticing a target user to open a maliciously crafted HTML document. In a successful code injection attack, the behavior of the target host is entirely dependent on the intended function of the injected code and executes within the security context of the currently logged in user. In an unsuccessful attack, the application can terminate abnormally.
Extended Description
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.
Affected Products
Avaya messaging_application_server,Avaya meeting_exchange-webportal
Short Name
HTTP:STC:IE:OVERLAP-TAGS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2010-0807 Corruption Explorer HTML Internet Memory Microsoft Rendering bid:39024
Release Date
10/20/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Avaya
CVSS Score
9.3