Signature Detail

HTTP: Microsoft Internet Explorer HTML Objects Memory Corruption (CVE-2008-2257)

This signature detects attempts to exploit a known vulnerability in the Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Extended Description

Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that occurs when the application tries to parse a specially crafted web page. Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

Affected Products

• HP Storage Management Appliance 2.1
• HP Storage Management Appliance I
• HP Storage Management Appliance II
• HP Storage Management Appliance III
• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.0.1 SP3
• Microsoft Internet Explorer 5.0.1 SP4
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Internet Explorer 7.0
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 200I
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 702T
• Nortel Networks CallPilot 703T
• Nortel Networks Contact Center
• Nortel Networks Contact Center Administration
• Nortel Networks Contact Center Express
• Nortel Networks Contact Center Manager
• Nortel Networks Contact Center Manager Server
• Nortel Networks Contact Center NCC
• Nortel Networks Enterprise VoIP TM-CS1000
• Nortel Networks Self-Service
• Nortel Networks Self-Service MPS 100
• Nortel Networks Self-Service MPS 1000
• Nortel Networks Self-Service MPS 500
• Nortel Networks Self-Service Peri Application
• Nortel Networks Self-Service Peri Workstation
• Nortel Networks Self-Service Speech Server

References

• BugTraq: 30613
• CVE: CVE-2008-2257