HTTP: Microsoft Internet Explorer HTML Time Element Memory Corruption

This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due to an error when accessing an object that has been incorrectly initialized or deleted. A remote attacker can exploit this by enticing a target user to open a maliciously crafted HTML document. In a successful attack where code is injected, the behavior of the target host is entirely dependent on the intended function of the injected code. The injected code would execute within the security context of the currently logged in user. In an unsuccessful attack, the vulnerable application can terminate abnormally.

Extended Description

Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions.

Affected Products

Avaya messaging_application_server,Avaya meeting_exchange

Short Name
HTTP:STC:IE:TIME-ELEMENT
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2010-3346 Corruption Element Explorer HTML Internet Memory Microsoft Time bid:45261
Release Date
01/26/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3681
False Positive
Unknown
Vendors

Avaya

Microsoft

CVSS Score

9.3

Found a potential security threat?