HTTP: Microsoft Internet Explorer TextRange Object Memory Corruption
This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. In a successful attack, where arbitrary code is attempted to be injected and executed on the target machine, the behavior of the target is dependent on the intention of the malicious code. In an unsuccessful attack, the application can terminate as a result of the attempt.
Extended Description
Microsoft Internet Explorer is prone to a code-execution vulnerability because the application fails to handle certain JavaScript code. This issue is triggered when a remote attacker entices a victim to visit a malicious site. Attackers may exploit this issue to execute arbitrary code in the context of the logged-in user, facilitating the remote compromise of affected computers.
Affected Products
Nortel_networks self-service_media_processing_server,Microsoft internet_explorer
Short Name
HTTP:STC:IE:TEXTRANGE-OBJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2008-2255 Corruption Explorer Internet Memory Microsoft Object TextRange bid:28295
Release Date
10/12/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3811
False Positive
Unknown
Vendors
Nortel_networks
Hp
Avaya
Microsoft
CVSS Score
9.3