Signature Detail

HTTP: Microsoft Internet Explorer 7 Event Handler Memory Corruption

This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due to Internet Explorer accesses memory object that has not been correctly initialized or has been deleted. A remote attacker can exploit this by enticing a target user to open a malicious web page. In a successful code injection attack, the behavior of the target host is entirely dependent on the intended function of the injected code and executes within the security context of the currently logged in user. If the attack is unsuccessful, the vulnerable application can terminate abnormally.

Extended Description

Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.

Affected Products

• Avaya messaging_application_server MM 1.1
• Avaya messaging_application_server MM 2.0
• Avaya messaging_application_server MM 3.0
• Avaya messaging_application_server MM 3.1
• Avaya messaging_application_server
• Microsoft internet_explorer 7.0
• Nortel_networks callpilot 1002Rp
• Nortel_networks callpilot 200I
• Nortel_networks callpilot 703T
• Nortel_networks contact_center_express
• Nortel_networks contact_center_manager_server
• Nortel_networks contact_center_ncc
• Nortel_networks multimedia_comm_mas
• Nortel_networks self-service_mps_100
• Nortel_networks self-service_mps_1000
• Nortel_networks self-service_mps_500
• Nortel_networks self-service_peri_application
• Nortel_networks self-service_peri_workstation
• Nortel_networks self-service_speech_server

References

• BugTraq: 35224
• CVE: CVE-2009-1530