Signature Detail

HTTP: Microsoft Internet Explorer Dereferenced Object Access

This signature detects attempts to exploit a known remote code execution vulnerability in Microsoft Internet Explorer. It exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker can exploit this by constructing a specially crafted Web page. When a user views the Web page, the vulnerability can allow remote code execution.

Extended Description

Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions.

Affected Products

• Avaya Aura Conferencing 6.0 Standard
• Avaya Aura Conferencing Standard
• Avaya CallPilot
• Avaya Communication Server 1000 Telephony Manager
• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 4
• Avaya Messaging Application Server 5
• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Internet Explorer 6.0 SP2
• Microsoft Internet Explorer 6.0 SP3
• Microsoft Internet Explorer 7.0
• Microsoft Internet Explorer 7.0
• Microsoft Internet Explorer 8

References

• BugTraq: 43705
• CVE: CVE-2010-3328