HTTP: Microsoft Internet Explorer Uninitialized DOM Memory Corruption
This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer. It is due to a memory corruption that can occur when Internet Explorer handles uninitialized DOM. Remote attackers can exploit this by enticing target users to visit a malicious Web page. A successful attack can result in execution of arbitrary code on the vulnerable system in the context of the logged-on user. If successful, the attack behavior of the target machine is dependent on the intention of the malicious code. In an unsuccessful attack, the associated browser tab can terminate abnormally and then the browser will recover it.
Extended Description
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.
Affected Products
Nortel_networks self-service_media_processing_server,Nortel_networks multimedia_comm_mas
Short Name
HTTP:STC:IE:UNINIT-DOM
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-3674 Corruption DOM Explorer Internet Memory Microsoft Uninitialized bid:37213
Release Date
10/18/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
CVSS Score
9.3