Signature Detail
Short Name |
HTTP:STC:IE:ONUNLOAD-MEM |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Internet Explorer onUnload Event Memory Corruption |
Release Date |
2010/10/05 |
Update Number |
1785 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Internet Explorer onUnload Event Memory Corruption
This signature detects attempts to exploit a known vulnerability Microsoft Internet Explorer. An attacker can create a malicious Web site with Web pages containing dangerous Javascript, which if accessed by a victim, can cause a denial-of-service condition.
Extended Description
Microsoft Internet Explorer is prone to a race condition that causes a denial of service. The source of the crash is reportedly a NULL-pointer dereference. This vulnerability is similar to the one being tracked as Bugzilla ID 371321 and BID 22679 (Mozilla Firefox OnUnload Memory Corruption Vulnerability). Microsoft Internet Explorer 6 and 7 are vulnerable to this issue.
Affected Products
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Microsoft Internet Explorer 7.0
References
- BugTraq: 22678
- CVE: CVE-2007-1094