Microsoft Internet Explorer 8 Denial of Service Vulnerability
Gravedad: Medio
Identificadores de CVE : CVE-2009-2764
Fecha recomendada: 01 de julio de 2011
Descripción
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.
Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. Due to the nature of this issue attackers may be able to corrupt process memory and execute arbitrary code, but this has not been confirmed.
The issue affects Internet Explorer 8; other versions may also be vulnerable.
Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location.
Revelación de la información
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1003683
Trend Micro Deep Security DPI Rule Name: 1003683 - Microsoft Internet Explorer 8 Denial Of Service Vulnerability
Software y versión afectados
- microsoft internet_explorer 8.0.7100.0
- microsoft windows_7 -