Signature Detail

HTTP: Microsoft Internet Explorer Deleted Object Memory Corruption

This signature detects attempts to exploit a known vulnerability in Microsoft Explorer. An attacker can create a malicious Web site with Web pages containing reference to deleted objects, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that affects a 'timeChildren' object from the HTML+TIME web standard. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.

Affected Products

• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Internet Explorer 7.0
• Microsoft Internet Explorer 8
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 1005R
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 202I
• Nortel Networks CallPilot 600R
• Nortel Networks CallPilot 703T
• Nortel Networks Contact Center Administration CCMA 6.0
• Nortel Networks Contact Center Administration CCMA 7.0
• Nortel Networks Contact Center Express
• Nortel Networks Contact Center Multimedia
• Nortel Networks Contact Center Multimedia & Outbound 6.0
• Nortel Networks Contact Center Multimedia & Outbound 7.0
• Nortel Networks Contact Center NCC
• Nortel Networks Multimedia Comm Mas
• Nortel Networks Self-Service MPS 100
• Nortel Networks Self-Service MPS 1000
• Nortel Networks Self-Service MPS 500
• Nortel Networks Self-Service Peri Application
• Nortel Networks Self-Service Peri Workstation
• Nortel Networks Self-Service Speech Server

References

• BugTraq: 35831
• CVE: CVE-2009-1917