Signature Detail

HTTP: Conflicting CHARSET

This signature detects attempts to exploit a known vulnerability in Internet Explorer 6.0 (IE). An attacker can create malicious Web pages containing conflicting Charset information, which if access by a victim, can allow the attacker to gain control of the victim's client browsers. Note: Do not include this attack object into your policy if your e-mail service utilizes Outlook Web Access as it can trigger false positives.

Extended Description

Microsoft Internet Explorer is prone to remote code-execution vulnerability because of a race-condition in its language-pack installation support. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.

Affected Products

• Avaya customer_interaction_express_(cie)_user_interface 1.0
• Avaya messaging_application_server MM 2.0
• Avaya messaging_application_server MM 3.0
• Avaya messaging_application_server MM 3.1
• Avaya messaging_application_server
• Hp storage_management_appliance 2.1
• Microsoft internet_explorer 5.0.1
• Microsoft internet_explorer 5.0.1 SP1
• Microsoft internet_explorer 5.0.1 SP2
• Microsoft internet_explorer 5.0.1 SP3
• Microsoft internet_explorer 5.0.1 SP4
• Microsoft internet_explorer 6.0
• Microsoft internet_explorer 6.0 SP1
• Microsoft internet_explorer 7.0
• Nortel_networks centrex_ip_client_manager 7.0.0
• Nortel_networks centrex_ip_client_manager 8.0.0
• Nortel_networks centrex_ip_client_manager 9.0
• Nortel_networks centrex_ip_client_manager

References

• BugTraq: 24429
• CVE: CVE-2007-3027
• URL: http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx