Signature Detail

HTTP: Microsoft Word Dangerous Embedded ClassID

This signature detects attempts to exploit a known vulnerability against Microsoft Word. A successful attack can lead to memory corruption and possibly arbitrary code execution.

Extended Description

Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. The following versions of the 'mshtmled.dll' library are affected: 8.0.6001.18702 8.0.6001.18000 7.0.6000.17023 7.0.6000.17080

Affected Products

• Avaya Aura Conferencing 6.0 Standard
• Avaya Aura Conferencing Standard
• Avaya CallPilot
• Avaya Communication Server 1000 Telephony Manager
• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 4
• Avaya Messaging Application Server 5
• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Internet Explorer 7.0
• Microsoft Internet Explorer 7.0
• Microsoft Internet Explorer 8

References

• BugTraq: 43706
• CVE: CVE-2010-3329