Signature Detail

HTTP: Microsoft Internet Explorer DHTML Object Memory Corruption

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer DHTML Object. Attackers can leverage this vulnerability to execute arbitrary code on the victim.

Extended Description

Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

Affected Products

• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 1005R
• Nortel Networks CallPilot 200I
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 702T
• Nortel Networks Contact Center Manager Server
• Nortel Networks Contact Center NCC
• Nortel Networks Multimedia Comm Mas
• Nortel Networks Self-Service MPS 100
• Nortel Networks Self-Service MPS 1000
• Nortel Networks Self-Service MPS 500
• Nortel Networks Self-Service Peri Application
• Nortel Networks Self-Service Peri NT Server
• Nortel Networks Self-Service Peri Workstation

References

• BugTraq: 35198
• CVE: CVE-2009-1141