Signature Detail

HTTP: Microsoft Internet Explorer Style Object Memory Corruption Remote Code Execution

A remote code execution vulnerability exists in Microsoft's Internet Explorer (IE). The vulnerability is due to insufficient validation of an object assigned as a style's behaviour. A remote attacker can exploit this vulnerability by enticing a target user to visit a crafted web page in IE. Successful exploitation could result in execution of arbitrary code in the target user's security context. An unsuccessful exploitation attempt may result in the abnormal termination of the affected IE process.

Extended Description

Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.

Affected Products

• Avaya Aura Conferencing 6.0 Standard
• Avaya CallPilot 4.0
• Avaya CallPilot 5.0
• Avaya Communication Server 1000 Telephony Manager 3.0
• Avaya Communication Server 1000 Telephony Manager 4.0
• Avaya Meeting Exchange 5.0
• Avaya Meeting Exchange 5.0.0.0.52
• Avaya Meeting Exchange 5.0 SP1
• Avaya Meeting Exchange 5.0 SP2
• Avaya Meeting Exchange 5.1
• Avaya Meeting Exchange 5.1 SP1
• Avaya Meeting Exchange 5.2
• Avaya Meeting Exchange 5.2 SP1
• Avaya Meeting Exchange 5.2 SP2
• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 4
• Avaya Messaging Application Server 5
• Avaya Messaging Application Server 5.2
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 7.0
• Microsoft Internet Explorer 8
• Microsoft Internet Explorer 9

References

• BugTraq: 49039
• CVE: CVE-2011-1964