Signature Detail
Short Name |
HTTP:STC:CSS-RELOADED |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
CSS Reloading Vulnerability |
Release Date |
2007/06/12 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: CSS Reloading Vulnerability
This signature detects attempts to exploit a known vulnerability in Internet Explorer 6.0 (IE). An attacker can create malicious Web pages containing dangerous Cascading Style Sheets, which if access by a victim, can allow the attacker to gain control of the victim's client browser.
Extended Description
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.
Affected Products
- Avaya Customer Interaction Express (CIE) User Interface 1.0
- Avaya Messaging Application Server MM 2.0
- Avaya Messaging Application Server MM 3.0
- Avaya Messaging Application Server MM 3.1
- Avaya Messaging Application Server
- HP Storage Management Appliance 2.1
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Nortel Networks Centrex IP Client Manager 7.0.0
- Nortel Networks Centrex IP Client Manager 8.0.0
- Nortel Networks Centrex IP Client Manager 9.0
- Nortel Networks Centrex IP Client Manager
References
- BugTraq: 24423
- CVE: CVE-2007-1750