HighRealSecure Server Sensor, RealSecure Network, BlackICE PC Protection, BlackICE Server Protection, Proventia Server IPS for Linux technology, Proventia Desktop, Proventia Network IPS, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Server IPS for Microsoft Windows technology:
This signature detects an incorrect Content-Type for a requested file which can lead to a code execution condition.
High
RealSecure Server Sensor: XPU 28.050, RealSecure Network: XPU 28.050, BlackICE PC Protection: 3.6cqy, BlackICE Server Protection: 3.6.cqy, Proventia Server IPS for Linux technology: 28.050, Proventia Desktop: 2190, Proventia Network IPS: XPU 28.050, Proventia-G 1.1 and earlier: XPU 28.050, Proventia Network MFS: XPU 28.050, Proventia Server IPS for Microsoft Windows technology: 1.0.914.2190, Proventia Server IPS for Microsoft Windows technology: 2.0.252.2190
Microsoft Internet Explorer: 5.01, Microsoft Internet Explorer: 6, Microsoft Internet Explorer: 6 SP1, Microsoft Internet Explorer: 7
Unauthorized Access Attempt
Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of specially-crafted data streams. By persuading a victim to visit a malicious Web page, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx
IBM Internet Security Systems Protection Alert, April 8, 2008
Microsoft Internet Explorer File Registered Viewer Code Execution
http://www.iss.net/threats/291.html
Secunia Research 08/04/2008
Internet Explorer Data Stream Handling Vulnerability
http://secunia.com/secunia_research/2007-100/advisory/
NORTEL BULLETIN ID: 2008008773, Rev 1
Nortel Response to Microsoft Security Bulletin MS08-024
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=714032
HPSBST02329 SSRT080048 rev.1
HPSBST02329 SSRT080048 rev.1
Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-018 to MS08-025
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01433452
NORTEL BULLETIN ID: 2008008788, Rev 1
Centrex IP Client Manager (CICM) response to Microsoft April security bulletin
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=716807
Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)
http://www.microsoft.com/technet/security/Bulletin/MS08-031.mspx
Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)
http://www.microsoft.com/technet/security/bulletin/ms08-045.mspx
ISS X-Force
Microsoft Internet Explorer data stream code execution
http://www.iss.net/security_center/static/41476.php
CVE
CVE-2008-1085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1085