Signature Detail

HTTP: Microsoft Internet Explorer boundElements Uninitialized Memory Corruption

This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due an error when handling DOM objects that have not been initialized or have been deleted. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. A successful attack can result in arbitrary code execution.

Extended Description

Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions.

Affected Products

• Avaya aura_conferencing 6.0 Standard
• Avaya meeting_exchange-client_registration_server
• Avaya meeting_exchange-recording_server
• Avaya meeting_exchange-streaming_server
• Avaya meeting_exchange-web_conferencing_server
• Avaya meeting_exchange-webportal
• Avaya messaging_application_server 4
• Avaya messaging_application_server 5
• Avaya messaging_application_server MM 1.1
• Avaya messaging_application_server MM 2.0
• Avaya messaging_application_server MM 3.0
• Avaya messaging_application_server MM 3.1
• Avaya messaging_application_server
• Microsoft internet_explorer 6.0
• Microsoft internet_explorer 6.0
• Microsoft internet_explorer 6.0 SP1
• Microsoft internet_explorer 6.0 SP2
• Microsoft internet_explorer 6.0 SP3

References

• BugTraq: 42288
• CVE: CVE-2010-2557