Signature Detail

HTTP: Microsoft Internet Explorer Select Element Memory Corruption (CVE-2010-3345)

This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due to an error when accessing incorrectly initialized memory. A remote attacker can exploit this by enticing a target user to open a maliciously crafted HTML document. In a successful code injection attack, the behavior of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If the attack is unsuccessful, the vulnerable application can terminate abnormally.

Extended Description

Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions.

Affected Products

• Avaya Aura Conferencing 6.0 Standard
• Avaya CallPilot 4.0
• Avaya CallPilot 5.0
• Avaya CallPilot
• Avaya Communication Server 1000 Telephony Manager 3.0
• Avaya Communication Server 1000 Telephony Manager 4.0
• Avaya Communication Server 1000 Telephony Manager
• Avaya Meeting Exchange 5.0
• Avaya Meeting Exchange 5.0.0.0.52
• Avaya Meeting Exchange 5.0 SP1
• Avaya Meeting Exchange 5.1
• Avaya Meeting Exchange 5.1 SP1
• Avaya Meeting Exchange 5.2
• Avaya Meeting Exchange 5.2 SP1
• Avaya Meeting Exchange 5.2 SP2
• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 4
• Avaya Messaging Application Server 5.2
• Microsoft Internet Explorer 8

References

• BugTraq: 45260
• CVE: CVE-2010-3345