Signature Detail
Short Name |
HTTP:STC:IE:6-10-MEM-CORRUPTION |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Internet Explorer 6-10 Memory Corruption |
Release Date |
2013/10/08 |
Update Number |
2307 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Internet Explorer 6-10 Memory Corruption
This signature detects attempts to exploit a known flaw in the Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.
Extended Description
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."
Affected Products
- microsoft internet_explorer 10
- microsoft internet_explorer 11 (developer-preview)
- microsoft internet_explorer 11 (release-preview)
- microsoft internet_explorer 6
- microsoft internet_explorer 7
- microsoft internet_explorer 8
- microsoft internet_explorer 9
References
- CVE: CVE-2013-3897