Signature Detail
Short Name |
HTTP:STC:IE:CSS-HEAP |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Internet Explorer CSS Processor Code Execution |
Release Date |
2007/08/14 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Internet Explorer CSS Processor Code Execution
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. Attackers can cause arbitrary code to be executed within the context of the current user.
Extended Description
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the vulnerable application. This issue affects Internet Explorer 5.01 SP4 running on Microsoft Windows 2000 SP4.
Affected Products
- Avaya Customer Interaction Express (CIE) Server 1.0
- Avaya Customer Interaction Express (CIE) User Interface 1.0
- Avaya Customer Interaction Express (CIE) User Interface 1.0.2
- Avaya Messaging Application Server MM 2.0
- Avaya Messaging Application Server MM 3.0
- Avaya Messaging Application Server MM 3.1
- Avaya Messaging Application Server
- HP Storage Management Appliance 2.1
- HP Storage Management Appliance I
- HP Storage Management Appliance II
- HP Storage Management Appliance III
- Microsoft Internet Explorer 5.0.1 SP4
References
- BugTraq: 25288
- CVE: CVE-2007-0943