Signature Detail

HTTP: Microsoft Internet Explorer Cross-Site-Scripting

This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer. An attacker can create a malicious Web site with Web pages containing dangerous JavaScript, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Microsoft Internet Explorer is prone to an information-disclosure vulnerability that affects the 'toStaticHTML' API. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

Affected Products

• Avaya aura_conferencing 6.0 Standard
• Avaya aura_conferencing Standard
• Avaya callpilot
• Avaya communication_server_1000_telephony_manager
• Avaya meeting_exchange-client_registration_server
• Avaya meeting_exchange-recording_server
• Avaya meeting_exchange-streaming_server
• Avaya meeting_exchange-web_conferencing_server
• Avaya meeting_exchange-webportal
• Avaya messaging_application_server 4
• Avaya messaging_application_server 5
• Avaya messaging_application_server MM 1.1
• Avaya messaging_application_server MM 2.0
• Avaya messaging_application_server MM 3.0
• Avaya messaging_application_server MM 3.1
• Avaya messaging_application_server
• Microsoft internet_explorer 8
• Microsoft sharepoint_server_2007 SP1
• Microsoft sharepoint_server_2007 SP2
• Microsoft sharepoint_server_2007
• Microsoft sharepoint_server_2007_enterprise_edition
• Microsoft sharepoint_server_2007_standard_edition
• Microsoft sharepoint_server_2007_x64 SP1
• Microsoft sharepoint_server_2007_x64 SP2
• Microsoft sharepoint_server_2007_x64
• Microsoft sharepoint_services 3.0 SP1
• Microsoft sharepoint_services 3.0 SP2
• Microsoft sharepoint_services_64-bit 3.0
• Microsoft sharepoint_services_64-bit 3.0
• Microsoft sharepoint_services_64-bit 3.0 SP1
• Microsoft sharepoint_services_64-bit 3.0 SP2
• Microsoft windows_sharepoint_services 3.0
• Microsoft windows_sharepoint_services

References

• BugTraq: 43703
• CVE: CVE-2010-3243