This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attemps to exploit a weakness in the Internet Explorer CSS parser, which allows an attacker to issue a denial-of-service attack on the target host and possibly allows the attacker to execute arbitrary code.
A heap overflow vulnerability has been discovered in Internet Explorer. It is reported that the issue presents itself when a comment character sequence that is not terminated is encountered after a STYLE tag.
It is reported that Internet Explorer will, under proper circumstances, compute the length of a comment string by subtracting a pointer to the terminator "*/" sequence of a comment from a pointer to the opening sequence "/*" of a comment. The result is used as a boundary check during a memcpy() operation performed on the comment string.
It is reported that if the comment is not closed with a terminator "*/" sequence, the algorithm used to derive the length of the comment string will result in a -2 Unicode string length. The memcpy() function will employ this value as 0xFFFFFFFE, and the size of this copy operation will result in a crash when a memory access violation occurs.
This issue could be exploited by a remote attacker to execute arbitrary code or cause a denial-of-service. The attacker would likely create a malicious HTML page and host it on a site. The attacker would then attempt to entice a user to visit the malicious page to carry out a successful attack. Other attack vectors may also exist, such as HTML email or other system components that support Cascading Style Sheets.
- Avaya DefinityOne Media Servers
- Avaya IP600 Media Servers
- Avaya Modular Messaging (MSS) 1.1, 2.0
- Avaya S3400 Message Application Server
- Avaya S8100 Media Servers
- Microsoft Internet Explorer 5.0, 5.0.1, 5.0.1 SP1, 5.0.1 SP2, 5.0.1 SP3, 5.0.1 SP4, 5.5, 5.5 SP1, 5.5 SP2, 6.0, 6.0 SP1