Intrusion PreventionMS.IE.Element.Tags.Memory.Corruption
Description
This indecates detection of an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
The vulnerability results from an error in the handling of document objects that have been created, modified, deleted then accessed by JavaScript. As a result of storing references to document nodes and then removing them by a separate reference, the document model in memory becomes unstable. Accessing the tags property while the document is in this unstable condition results in heap corruption, allowing the execution of arbitrary code.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability, in that the victim must visit a malicious page.
Affected Products
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Impact
System compromise, remote code execution.
Recommended Actions
Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
References
zdi-07-075| ID | 15197 |
| Created | Dec 12, 2007 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2007-5344 |
| Exploit Prediction Score | 80.45% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | IE |