Signature Detail
Short Name |
HTTP:STC:IE:HTML-OB-MEM |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Internet Explorer HTML Objects Memory Corruption |
Release Date |
2008/10/14 |
Update Number |
1291 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Internet Explorer HTML Objects Memory Corruption
This signature detects Web pages that are attempting to access uninitialized memory. When a user views the Web page, the vulnerability can allow remote code execution in the context of the logged in user.
Extended Description
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.
Affected Products
- HP Storage Management Appliance 2.1
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.0.1 SP4
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Nortel Networks CallPilot 1002Rp
- Nortel Networks CallPilot 200I
- Nortel Networks CallPilot 201I
- Nortel Networks CallPilot 702T
- Nortel Networks CallPilot 703T
- Nortel Networks Contact Center Administration
- Nortel Networks Contact Center Express
- Nortel Networks Contact Center Manager Server
- Nortel Networks Media Processing Svr 100
- Nortel Networks Media Processing Svr 1000 Rel 3.0
- Nortel Networks Media Processing Svr 500 Rel 3.0
- Nortel Networks Self-Service Peri Application
- Nortel Networks Self-Service Peri Workstation
- Nortel Networks Self-Service Speech Server
References
- CVE: CVE-2008-3472
- CVE: CVE-2008-3476