Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:IE:USE-AFTER-FREE

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft Internet Explorer Use-After-Free Remote Code Execution (CVE-2010-0249)

Release Date

 2010/09/29

Update Number

 1782

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft Internet Explorer Use-After-Free Remote Code Execution (CVE-2010-0249)


This signature detects attempts to exploit a known code execu vulnerability in Microsoft Internet Explorer. It is due to a use-after-free error within the HTML engine. A remote attacker can exploit this by enticing a target user to open a maliciously crafted HTML document. A successful exploit can result in arbitrary code execution.

Extended Description

Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the application and possibly the computer. Failed attacks will cause denial-of-service conditions.

Affected Products

  • Avaya Meeting Exchange - Client Registration Server
  • Avaya Meeting Exchange - Recording Server
  • Avaya Meeting Exchange - Streaming Server
  • Avaya Meeting Exchange - Web Conferencing Server
  • Avaya Meeting Exchange - Webportal
  • Avaya Messaging Application Server MM 1.1
  • Avaya Messaging Application Server MM 2.0
  • Avaya Messaging Application Server MM 3.0
  • Avaya Messaging Application Server MM 3.1
  • Avaya Messaging Application Server
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 6.0 SP1
  • Microsoft Internet Explorer 7.0
  • Microsoft Internet Explorer 8
  • Nortel Networks CallPilot 1005R
  • Nortel Networks CallPilot 201I
  • Nortel Networks CallPilot 202I
  • Nortel Networks CallPilot 600R
  • Nortel Networks CallPilot 703T
  • Nortel Networks Contact Center Administration CCMA 6.0
  • Nortel Networks Contact Center Administration CCMA 7.0
  • Nortel Networks Contact Center Express
  • Nortel Networks Contact Center Multimedia & Outbound 6.0
  • Nortel Networks Contact Center Multimedia & Outbound 7.0
  • Nortel Networks Media Processing Server
  • Nortel Networks Media Processing Svr 100
  • Nortel Networks Media Processing Svr 1000 Rel 3.0
  • Nortel Networks Media Processing Svr 500 Rel 3.0
  • Nortel Networks Self Service - CDD
  • Nortel Networks Self-Service Media Processing Server
  • Nortel Networks Self-Service Peri Application
  • Nortel Networks Self-Service Peri CTI
  • Nortel Networks Self-Service Peri Workstation
  • Nortel Networks Self-Service Speech Server

References

  • BugTraq: 37815
  • CVE: CVE-2010-0249

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out