HTTP: Script Evasion Function Reassignment
This signature detects attempts to exploit a known JavaScript/VBScript evasion technique. Many common Web browsers and servers are affected. The technique utilizes function reassignment, which if successful, enables the malicious script to bypass name filtering systems.
Extended Description
Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the application and possibly the computer. Failed attacks will cause denial-of-service conditions.
Affected Products
Avaya messaging_application_server,Microsoft internet_explorer
References
BugTraq: 37815
Short Name
HTTP:STC:SCRIPT:FUNC-REASSIGN
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Evasion Function Reassignment Script bid:37815
Release Date
08/05/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3809
False Positive
Rarely
Vendors
Nortel_networks
Avaya
Microsoft