Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:IE:TIME-ELEMENT

Severity

 High

Recommended

 No

Category

 HTTP

Keywords

 Microsoft Internet Explorer HTML Time Element Memory Corruption

Release Date

 2011/01/26

Update Number

 1854

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft Internet Explorer HTML Time Element Memory Corruption


This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due to an error when accessing an object that has been incorrectly initialized or deleted. A remote attacker can exploit this by enticing a target user to open a maliciously crafted HTML document. In a successful attack where code is injected, the behavior of the target host is entirely dependent on the intended function of the injected code. The injected code would execute within the security context of the currently logged in user. In an unsuccessful attack, the vulnerable application can terminate abnormally.

Extended Description

Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions.

Affected Products

  • Avaya Aura Conferencing 6.0 Standard
  • Avaya CallPilot 4.0
  • Avaya CallPilot 5.0
  • Avaya CallPilot
  • Avaya Communication Server 1000 Telephony Manager 3.0
  • Avaya Communication Server 1000 Telephony Manager 4.0
  • Avaya Communication Server 1000 Telephony Manager
  • Avaya Meeting Exchange 5.0
  • Avaya Meeting Exchange 5.0.0.0.52
  • Avaya Meeting Exchange 5.0 SP1
  • Avaya Meeting Exchange 5.1
  • Avaya Meeting Exchange 5.1 SP1
  • Avaya Meeting Exchange 5.2
  • Avaya Meeting Exchange 5.2 SP1
  • Avaya Meeting Exchange 5.2 SP2
  • Avaya Meeting Exchange - Client Registration Server
  • Avaya Meeting Exchange - Recording Server
  • Avaya Meeting Exchange - Streaming Server
  • Avaya Meeting Exchange - Web Conferencing Server
  • Avaya Meeting Exchange - Webportal
  • Avaya Messaging Application Server 4
  • Avaya Messaging Application Server 5.2
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 6.0 SP1
  • Microsoft Internet Explorer 6.0 SP2
  • Microsoft Internet Explorer 7.0
  • Microsoft Internet Explorer 8

References

  • BugTraq: 45261
  • CVE: CVE-2010-3346

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out