Update Protection against Microsoft Internet Explorer createTextRange () Vulnerability (MS06-013)
| Check Point Reference: | CPAI-2006-033 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS06-013 Microsoft Security Advisory (917077) |
|
| Industry Reference(s): | CVE-2006-1359 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Internet Explorer 5.1 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.x | ||
| Vulnerability Description Microsoft Internet Explorer (IE) fails to properly handle the createTextRange() DHTML method, potentially allowing a remote attacker to execute arbitrary code if the attacker has convinced a user to open a specially crafted Web page |
||
|
Vulnerability Status A working exploit code exists for this vulnerability. |
|
|
Vulnerability Details Dynamic HTML (DHTML) is built on an object model that enables Web authors to create more interactive Web pages (comapred to using HTML). A TextRange is a DHTML object that represents text. createTextRange() is a DHTML method that is used to generate a TextRange for a DHTML Object. Internet Explorer does not properly handle the createTextRange() method. When this method is called for certain DHTML objects, memory corruption may occur and potentially allow for remote code execution. |
Protection Overview
The update blocks the createTextRange () method that may allow an attacker to execute code on an affected system.
Note: Depending on the traffic mix, activating this update may result in performance degradation.
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R61
How Can I Protect My Network?
1. Update your SmartDefense: Click the SmartDefense Services tab, In the left pane from the drop-down list, click Download Updates and then click the Online Update button.
2. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer and enable Block createTextRange Overflow Vulnerability.
3. Install policy on all modules.
Note: Depending on the traffic mix, activating this update may result in performance degradation.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
VPN-1 NGX R60 & VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
1. Update your SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer and enable Block createTextRange Overflow Vulnerability.
3. Install policy on all modules.
Note: Depending on the traffic mix, activating this update may result in performance degradation.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
1. Update your SmartDefense by clicking Update Now in the SmartDashboard General window.
2. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer and enable Block createTextRange Overflow Vulnerability.
3. Install policy on all modules.
Note: Depending on the traffic mix, activating this update may result in performance degradation.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log rule #99812.
InterSpect NGX
How Can I Protect My Network?
1. Update your SmartDefense: In the left pane from the drop-down list, select Profiles > SmartDefense Service and click the Online Update button.
2. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
3. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer and enable Block createTextRange Overflow Vulnerability.
4. Install security policy on all modules.
Note: Depending on the traffic mix, activating this update may result in performance degradation.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer - IE createTextRange Overflow Vulnerability
InterSpect 2.0
How Can I Protect My Network?
1. Update your SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer and enable Block createTextRange Overflow Vulnerability.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries: