Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Multiple Microsoft Internet Explorer Vulnerabilities (MS08-058)

Subscribe

Check Point Reference: CPAI-2008-155
Date Published:
Severity:
Last Updated:
Source: Microsoft Security Bulletin MS08-058
Industry Reference(s): CVE-2008-2947
CVE-2008-3472
CVE-2008-3473
CVE-2008-3475
CVE-2008-3476
Protection Provided by: VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
VSX
  • NGX R65
InterSpect
  • NGX
Who is Vulnerable?
Internet Explorer 5.01
Internet Explorer 6
Internet Explorer 6 SP1
Internet Explorer 7
Vulnerability Description
Microsoft Internet Explorer is prone to multiple memory corruption, information disclosure and remote code execution vulnerabilities. A remote attacker could exploit these flaws by convincing a user to open a maliciously crafted HTML file with Internet Explorer.
Update/Patch Available
Apply patches:
Microsoft Security Bulletin MS08-058
Vulnerability Details
CVE-2008-2947 - A cross-domain script attack vulnerability. An attacker could force the script to execute in the wrong security context.

CVE-2008-3472 - An information disclosure vulnerability that is due to the way Internet Explorer handles redirects.

CVE-2008-3473 - A cross-domain vulnerability that is due to the way Internet Explorer is handling the mouse event.

CVE-2008-3475 - A memory corruption vulnerability that could lead to a crash or to remote code execution.

CVE-2008-3476 - A memory corruption vulnerability that could lead to a crash or to remote code execution.

An attacker can trigger these flaws by convincing a user to view a specially crafted HTML document. Successful exploitation could result in the crashing of the victim's Web browser or executing arbitrary code, once the malicious page is loaded.

Protection Overview
By enabling these protections, SmartDefense will detect and block attempts to exploit the vulnerabilities. Depending on the traffic mix, activating these protections may result in performance degradation.

For CVE-2008-2947 apply the Block Internet Explorer Cross-Domain Script Attacks (MS08-058) protection.
For CVE-2008-3472 apply the Block HTML Tag Element Cross-Domain Information Disclosure (MS08-058) protection.
For CVE-2008-3473 apply the Block Internet Explorer Mouse Event Cross-Domain Vulnerability (MS08-058) protection.
For CVE-2008-3475 apply the Block Internet Explorer Mouse Event Memory Corruption (MS08-058) protection.
For CVE-2008-3476 apply the Block Internet Explorer Remote Code Execution (MS08-058) protection.

In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Web Intelligence > HTTP Client Protections > Microsoft Internet Explorer Vulnerabilities.
2. Select the following protections:

Block Internet Explorer Cross-Domain Script Attacks (MS08-058)
Block HTML Tag Element Cross-Domain Information Disclosure (MS08-058)
Block Internet Explorer Mouse Event Cross-Domain Vulnerability (MS08-058)
Block Internet Explorer Mouse Event Memory Corruption (MS08-058)
Block Internet Explorer Remote Code Execution (MS08-058)

3. In the configuration pane, under Settings > Mode, check Active.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information:
Internet Explorer cross-domain script attack (MS08-058)
HTML tag element cross-domain information disclosure (MS08-058)
Internet Explorer mouse event cross-domain vulnerability (MS08-058)
Internet Explorer mouse event memory corruption (MS08-058)
Internet Explorer remote code execution (MS08-058)

VPN-1 NGX R61 & R60

How Can I Protect My Network?
1. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer Vulnerabilities.
2. Select the following protections:

Block Internet Explorer Cross-Domain Script Attacks (MS08-058)
Block HTML Tag Element Cross-Domain Information Disclosure (MS08-058)
Block Internet Explorer Mouse Event Cross-Domain Vulnerability (MS08-058)
Block Internet Explorer Mouse Event Memory Corruption (MS08-058)
Block Internet Explorer Remote Code Execution (MS08-058)

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information:
Internet Explorer cross-domain script attack (MS08-058)
HTML tag element cross-domain information disclosure (MS08-058)
Internet Explorer mouse event cross-domain vulnerability (MS08-058)
Internet Explorer mouse event memory corruption (MS08-058)
Internet Explorer remote code execution (MS08-058)

VPN-1 VSX NGX R65

How Can I Protect My Network?
1. In the SmartDefense tab, click Web Intelligence > HTTP Client Protections > Microsoft Internet Explorer Vulnerabilities.
2. Select the following protections:

Block Internet Explorer Cross-Domain Script Attacks (MS08-058)
Block HTML Tag Element Cross-Domain Information Disclosure (MS08-058)
Block Internet Explorer Mouse Event Cross-Domain Vulnerability (MS08-058)
Block Internet Explorer Mouse Event Memory Corruption (MS08-058)
Block Internet Explorer Remote Code Execution (MS08-058)

3. In the configuration pane, under Settings > Mode, check Active.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information:
Internet Explorer cross-domain script attack (MS08-058)
HTML tag element cross-domain information disclosure (MS08-058)
Internet Explorer mouse event cross-domain vulnerability (MS08-058)
Internet Explorer mouse event memory corruption (MS08-058)
Internet Explorer remote code execution (MS08-058)

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
2. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer vulnerabilities.
3. Select the following protections:

Block Internet Explorer Cross-Domain Script Attacks (MS08-058)
Block HTML Tag Element Cross-Domain Information Disclosure (MS08-058)
Block Internet Explorer Mouse Event Cross-Domain Vulnerability (MS08-058)
Block Internet Explorer Mouse Event Memory Corruption (MS08-058)
Block Internet Explorer Remote Code Execution (MS08-058)

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information:
Internet Explorer cross-domain script attack (MS08-058)
HTML tag element cross-domain information disclosure (MS08-058)
Internet Explorer mouse event cross-domain vulnerability (MS08-058)
Internet Explorer mouse event memory corruption (MS08-058)
Internet Explorer remote code execution (MS08-058)