Signature Detail

HTTP: Microsoft Internet Explorer Dereferenced Object Access

This signature detects attempts to exploit a known remote code execution vulnerability in Microsoft Internet Explorer. It exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker can exploit this by constructing a specially crafted Web page. When a user views the Web page, the vulnerability can allow remote code execution.

Extended Description

Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions.

Affected Products

• Avaya aura_conferencing 6.0 Standard
• Avaya aura_conferencing Standard
• Avaya callpilot
• Avaya communication_server_1000_telephony_manager
• Avaya meeting_exchange-client_registration_server
• Avaya meeting_exchange-recording_server
• Avaya meeting_exchange-streaming_server
• Avaya meeting_exchange-web_conferencing_server
• Avaya meeting_exchange-webportal
• Avaya messaging_application_server 4
• Avaya messaging_application_server 5
• Avaya messaging_application_server MM 1.1
• Avaya messaging_application_server MM 2.0
• Avaya messaging_application_server MM 3.0
• Avaya messaging_application_server MM 3.1
• Avaya messaging_application_server
• Microsoft internet_explorer 6.0
• Microsoft internet_explorer 6.0
• Microsoft internet_explorer 6.0 SP1
• Microsoft internet_explorer 6.0 SP2
• Microsoft internet_explorer 6.0 SP3
• Microsoft internet_explorer 7.0
• Microsoft internet_explorer 7.0
• Microsoft internet_explorer 8

References

• BugTraq: 43705
• CVE: CVE-2010-3328