HTTP: Internet Explorer Vertical-Align Denial of Service
This signature detects attempts to exploit a known vulnerability in Microsoft's Internet Explorer 6. A maliciously crafted Web site can contain HTML that can cause a browser to crash. The vulnerability exists in how IE handles <div> tags with a vertical alignment option set.
Extended Description
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
Affected Products
Microsoft windows_98
References
BugTraq: 11536
CVE: CVE-2004-1319
URL: http://jehiah.com/archive/ie-vertical-align-top-vulnerability
Short Name
HTTP:STC:IE:VERT-ALIGN-DOS
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2004-1319 Denial Explorer Internet Service Vertical-Align bid:11536 of
Release Date
12/10/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
Nortel
CVSS Score
5.0