SID 16007

Msg

"SPECIFIC-THREATS Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt"

Summary

This event is generated when an attempt is made to exploit a known vulnerability in Internet Explorer.

Classtype

attempted-user

Impact

Denial of Service. Information disclosure. Loss of integrity. Complete admin access.

Affected Systems

  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 6.0

Attack Scenarios

Format string vulnerabilities can be very simple to attack. Any program that reads a format string as an input parameter can be exploited if the argument can be controlled by the attacker.

Ease Of Attack

Simple. Exploits exist.

False Positives

None known.

False Negatives

None known.

Corrective Action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Sourcefire Vulnerability Research Team
  • This document was generated from data supplied by the National Vulnerability Database. A product of the National Institute of Standards and Technology.
  • For more information see http://nvd.nist.gov/