Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:IE:SELECT-EMPTY

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft Internet Explorer selection.empty Use After Free (CVE-2011-1261)

Release Date

 2011/06/22

Update Number

 1943

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft Internet Explorer selection.empty Use After Free (CVE-2011-1261)


A User-After-Free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to improper handling of the selection.empty script expression. Remote attackers can exploit this vulnerability by enticing target users to open a malicious web page using Internet Explorer, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user. In an attack scenario where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the logic of the malicious code. If such an attack is not successful, Internet Explorer may terminate abnormally.

Extended Description

Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the affected application. Failed attacks will cause denial-of-service conditions.

Affected Products

  • Avaya Aura Conferencing 6.0 Standard
  • Avaya CallPilot 4.0
  • Avaya CallPilot 5.0
  • Avaya Communication Server 1000 Telephony Manager 3.0
  • Avaya Communication Server 1000 Telephony Manager 4.0
  • Avaya Meeting Exchange 5.0
  • Avaya Meeting Exchange 5.0.0.0.52
  • Avaya Meeting Exchange 5.0 SP1
  • Avaya Meeting Exchange 5.0 SP2
  • Avaya Meeting Exchange 5.1
  • Avaya Meeting Exchange 5.1 SP1
  • Avaya Meeting Exchange 5.2
  • Avaya Meeting Exchange 5.2 SP1
  • Avaya Meeting Exchange 5.2 SP2
  • Avaya Meeting Exchange - Client Registration Server
  • Avaya Meeting Exchange - Recording Server
  • Avaya Meeting Exchange - Streaming Server
  • Avaya Meeting Exchange - Web Conferencing Server
  • Avaya Meeting Exchange - Webportal
  • Avaya Messaging Application Server 4
  • Avaya Messaging Application Server 5
  • Avaya Messaging Application Server 5.2
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 6.0 SP1
  • Microsoft Internet Explorer 6.0 SP2
  • Microsoft Internet Explorer 6.0 SP3
  • Microsoft Internet Explorer 7.0
  • Microsoft Internet Explorer 7.0
  • Microsoft Internet Explorer 8
  • Microsoft Internet Explorer 9

References

  • BugTraq: 48210
  • CVE: CVE-2011-1261

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out