Microsoft Internet Explorer 8 Denial of Service Vulnerability
2011年7月1日
危険度: : 中
CVE識別番号: CVE-2009-2764
概要
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.
Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. Due to the nature of this issue attackers may be able to corrupt process memory and execute arbitrary code, but this has not been confirmed.
The issue affects Internet Explorer 8; other versions may also be vulnerable.
Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location.
トレンドマイクロの対策
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1003683
Trend Micro Deep Security DPI Rule Name: 1003683 - Microsoft Internet Explorer 8 Denial Of Service Vulnerability
影響を受けるソフトウェア
- microsoft internet_explorer 8.0.7100.0
- microsoft windows_7 -