Signature Detail

HTTP: Microsoft Internet Explorer Javascript Page Update Race Condition

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack may results in sensitive information being disclosed to the attacker.

Extended Description

The browser is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations. This vulnerability may let a malicious site interact with a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks may be possible, such as executing script code in other browser security zones. UPDATE: Reports indicate that Safari browser may also be vulnerable, but this has not been confirmed. UPDATE (June 6, 2007): The WebKit framework used by Safari is reported vulnerable. Builds 522 and later, which are associated with the nightly WebKit build, are vulnerable; other versions may also be affected.

Affected Products

• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Internet Explorer 7.0
• WebKit Open Source Project WebKit

References

• BugTraq: 24283
• CVE: CVE-2007-3091