Signature Detail

HTTP: Microsoft Internet Explorer Uninitialized Memory Corruption (CVE-2010-0267)

This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due to the way that Internet Explorer handles certain type of mouse movement events. A remote attacker can exploit this by enticing a target user to open a maliciously crafted HTML document. In a successful code injection attack, the behavior of the target host is entirely dependent on the logic of the injected code and executes within the security context of the currently logged in user. In an unsuccessful attack, the application can terminate abnormally.

Extended Description

Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.

Affected Products

• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 4
• Avaya Messaging Application Server 5
• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Internet Explorer 7.0

References

• BugTraq: 39023
• CVE: CVE-2010-0267