Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:STC:IE:CLONE-REF-CORRUPT

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft Internet Explorer Clone Object Reference Memory Corruption

Release Date

 2010/10/11

Update Number

 1789

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Microsoft Internet Explorer Clone Object Reference Memory Corruption


A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles unexpected method calls to HTML objects. Remote attackers can exploit this vulnerability by persuading target users to visit a specially crafted web page. Successful exploitation may allow the attacker to execute arbitrary code on the vulnerable client system, in the context of the logged in user. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Internet Explorer may terminate abnormally.

Extended Description

Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the user's account and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

Affected Products

  • Avaya messaging_application_server MM 1.1
  • Avaya messaging_application_server MM 2.0
  • Avaya messaging_application_server MM 3.0
  • Avaya messaging_application_server MM 3.1
  • Avaya messaging_application_server
  • Hp storage_management_appliance 2.1
  • Hp storage_management_appliance I
  • Hp storage_management_appliance II
  • Hp storage_management_appliance III
  • Microsoft internet_explorer 6.0
  • Microsoft internet_explorer 6.0 SP1
  • Microsoft internet_explorer 7.0
  • Nortel_networks callpilot 1002Rp
  • Nortel_networks callpilot 200I
  • Nortel_networks callpilot 201I
  • Nortel_networks callpilot 702T
  • Nortel_networks callpilot 703T
  • Nortel_networks contact_center_administration
  • Nortel_networks contact_center_express
  • Nortel_networks contact_center_manager
  • Nortel_networks contact_center_manager_server
  • Nortel_networks contact_center_multimedia
  • Nortel_networks contact_center_ncc
  • Nortel_networks enterprise_voip TM-CS1000
  • Nortel_networks multimedia_comm MCS5100
  • Nortel_networks multimedia_comm MCS5200
  • Nortel_networks multiservice_data_manager
  • Nortel_networks self-service_mps_100
  • Nortel_networks self-service_mps_1000
  • Nortel_networks self-service_mps_500
  • Nortel_networks self-service_peri_application
  • Nortel_networks self-service_peri_workstation
  • Nortel_networks self-service_speech_server
  • Nortel_networks umts Null
  • Nortel_networks w-nms-cnm 1.0
  • Nortel_networks w-nms-umts 4.2

References

  • BugTraq: 26816
  • CVE: CVE-2007-3903

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out