SMTP: Microsoft Internet Explorer Dereferenced Object Access
This signature detects attempts to exploit a known remote code execution vulnerability in Microsoft Internet Explorer. It exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker can exploit this by constructing a specially crafted Web page. When a user views the Web page, the vulnerability can allow remote code execution.
Extended Description
Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."
References
CVE: CVE-2010-3328
Short Name
SMTP:EMAIL:IE-DEREF-OBJ-ACCESS
Severity
Major
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
Access CVE-2010-3328 Dereferenced Explorer Internet Microsoft Object
Release Date
01/12/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3659
False Positive
Unknown
CVSS Score
9.3