HTTP: Internet Explorer XML Handling Exploit Attempt
This signature detects attempts to exploit a known vulnerability in Internet Explorer's XML handling. An attacker can create a malicious Web site containing Web pages with dangerous XML data, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions. NOTE: Symantec has received reports that this issue is being actively exploited in the wild.
Affected Products
Avaya messaging_application_server,Microsoft internet_explorer
References
BugTraq: 32721
CVE: CVE-2008-4844
URL: http://www.microsoft.com/technet/security/advisory/961051.mspx
Short Name
HTTP:STC:IE:XML-HANDLE-EXEC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Attempt CVE-2008-4844 Exploit Explorer Handling Internet XML bid:32721
Release Date
12/12/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3704
False Positive
Unknown
Vendors
Nortel_networks
Hp
Microsoft
Avaya
CVSS Score
9.3