Signature Detail

HTTP: Internet Explorer Invalid Layout Directive

This signature detects HTML documents containing potentially malicious layout directives. If a user opens a malicious Web page containing these elements, remote code execution is possible. Internet Explorer 6.0 is vulnerable.

Extended Description

Microsoft Internet Explorer is affected by a memory-corruption vulnerability. This issue arises because the application fails to handle exceptional conditions in a proper manner. An attacker may exploit this issue by enticing a user to visit a malicious site and then to click anywhere on the page. This results in a denial-of-service condition in the application. The vendor reports this issue may also be exploited to execute arbitrary code in the context of the victim user.

Affected Products

• Microsoft Internet Explorer 5.0
• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.0.1 SP3
• Microsoft Internet Explorer 5.0.1 SP4
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 200I
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 702T
• Nortel Networks CallPilot 703T
• Nortel Networks Centrex IP Client Manager
• Nortel Networks Centrex IP Element Manager
• Nortel Networks Contact Center - Agent Desktop Display
• Nortel Networks Symposium Agent

References

• BugTraq: 18277
• CVE: CVE-2006-3637
• URL: http://archives.neohapsis.com/archives/bugtraq/2006-05/0454.html
• URL: http://www.microsoft.com/technet/security/bulletin/MS06-042.mspx