Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:STC:IE:COL-TAG-CACHE

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft Internet Explorer Table Layout Col Tag Cache Memory Corruption

Release Date

 2010/10/01

Update Number

 1784

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Microsoft Internet Explorer Table Layout Col Tag Cache Memory Corruption


This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer. It is due to an error handling the removal of a Col element from table layout. A Col element can still be accessed through a cache even after it has been removed from an HTML table container. A remote attacker can exploit this by enticing a target user to open a maliciously crafted HTML document. A successful attack can result in arbitrary code execution as the user.

Extended Description

Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

Affected Products

  • Avaya meeting_exchange-client_registration_server
  • Avaya meeting_exchange-recording_server
  • Avaya meeting_exchange-streaming_server
  • Avaya meeting_exchange-web_conferencing_server
  • Avaya meeting_exchange-webportal
  • Avaya messaging_application_server MM 1.1
  • Avaya messaging_application_server MM 2.0
  • Avaya messaging_application_server MM 3.0
  • Avaya messaging_application_server MM 3.1
  • Avaya messaging_application_server
  • Microsoft internet_explorer 6.0
  • Microsoft internet_explorer 6.0 SP1
  • Microsoft internet_explorer 7.0
  • Microsoft internet_explorer 8
  • Nortel_networks callpilot 1005R
  • Nortel_networks callpilot 201I
  • Nortel_networks callpilot 202I
  • Nortel_networks callpilot 600R
  • Nortel_networks callpilot 703T
  • Nortel_networks contact_center_administration_ccma 6.0
  • Nortel_networks contact_center_administration_ccma 7.0
  • Nortel_networks contact_center_express
  • Nortel_networks contact_center_multimedia_&_outbound 6.0
  • Nortel_networks contact_center_multimedia_&_outbound 7.0
  • Nortel_networks media_processing_server
  • Nortel_networks media_processing_svr_100
  • Nortel_networks media_processing_svr_1000_rel 3.0
  • Nortel_networks media_processing_svr_500_rel 3.0
  • Nortel_networks self_service-cdd
  • Nortel_networks self-service_media_processing_server
  • Nortel_networks self-service_peri_application
  • Nortel_networks self-service_peri_cti
  • Nortel_networks self-service_peri_workstation
  • Nortel_networks self-service_speech_server

References

  • BugTraq: 37891
  • CVE: CVE-2010-0244

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out