Signature Detail

HTTP: Microsoft Internet Explorer CSS Race Condition Arbitrary Code Execution

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Extended Description

Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

Affected Products

• Microsoft Internet Explorer 7.0
• Microsoft Internet Explorer 8
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 1005R
• Nortel Networks CallPilot 200I
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 202I
• Nortel Networks CallPilot 600R
• Nortel Networks CallPilot 702T
• Nortel Networks CallPilot 703T
• Nortel Networks Contact Center Administration
• Nortel Networks Contact Center Administration CCMA 6.0
• Nortel Networks Contact Center Administration CCMA 7.0
• Nortel Networks Contact Center Express
• Nortel Networks Contact Center Multimedia
• Nortel Networks Contact Center Multimedia & Outbound 6.0
• Nortel Networks Contact Center Multimedia & Outbound 7.0
• Nortel Networks Media Processing Server
• Nortel Networks Media Processing Svr 100
• Nortel Networks Media Processing Svr 1000 Rel 3.0
• Nortel Networks Media Processing Svr 500 Rel 3.0
• Nortel Networks Multimedia Comm Mas
• Nortel Networks Self-Service Media Processing Server
• Nortel Networks Self-Service Peri Application
• Nortel Networks Self-Service Peri Workstation
• Nortel Networks Self-Service Speech Server

References

• BugTraq: 37212
• CVE: CVE-2009-3673