HTTP: Microsoft Internet Explorer Select Element Memory Corruption (CVE-2010-3345)
This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due to an error when accessing incorrectly initialized memory. A remote attacker can exploit this by enticing a target user to open a maliciously crafted HTML document. In a successful code injection attack, the behavior of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If the attack is unsuccessful, the vulnerable application can terminate abnormally.
Extended Description
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions.
Affected Products
Avaya messaging_application_server,Avaya meeting_exchange
Short Name
HTTP:STC:IE:SELECT-ELEMENT
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
(CVE-2010-3345) CVE-2010-3345 Corruption Element Explorer Internet Memory Microsoft Select bid:45260
Release Date
01/12/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Rarely
Vendors
Avaya
Microsoft
CVSS Score
9.3