Signature Detail
Short Name |
HTTP:STC:IE:MAL-DATASTREAM |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Internet Explorer Malicous Data Stream |
Release Date |
2008/04/08 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Internet Explorer Malicous Data Stream
This signature detects attempts to exploit a known vulnerability in Internet Explorer. An attacker can create a malicious Web site containing Web pages with dangerous data streams, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because it fails to adequately handle certain user-supplied data. Attackers can leverage this issue to execute arbitrary code with the privileges of the application. Successful exploits will compromise affected computers. Failed attacks may cause denial-of-service conditions.
Affected Products
- HP Storage Management Appliance 2.1
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.0.1 SP4
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Microsoft Internet Explorer 7.0
- Nortel Networks CallPilot 1002Rp
- Nortel Networks CallPilot 200I
- Nortel Networks CallPilot 201I
- Nortel Networks CallPilot 702T
- Nortel Networks CallPilot 703T
References
- BugTraq: 28552
- CVE: CVE-2008-1085
- URL: http://www.microsoft.com/technet/security/Bulletin/MS08-024.mspx