Update Protection against Microsoft Argument Handling Memory Corruption Vulnerability (MS08-045)
| Check Point Reference: | CPAI-2008-125 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS08-045 | |
| Industry Reference(s): | CVE-2008-2259 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Internet Explorer 6 and Internet Explorer 7: Windows XP SP2 Windows XP SP3 Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 Windows Server 2003 SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1(Itanium) Windows Server 2003 with SP2(Itanium)
Internet Explorer 7: | ||
| Vulnerability Description A remote code execution vulnerability was reported in the way Microsoft Internet Explorer handles argument validation in print preview handling. By convincing a user to visit a specially crafted HTML documents or open a malicious web page, a remote attacker could cause the browser to crash allowing execution of arbitrary commands. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS08-045 |
|
|
Vulnerability Details The vulnerability is caused when Internet Explorer is processing print previews and incorrectly handles validation of arguments, resulting in memory corruption. To trigger this issue, an attacker may create a malicious web page that will exploit this vulnerability. Successful exploitation may allow execution of arbitrary code on a vulnerable system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block attempt to exploit this vulnerability.
In order for the protection to be activated, update your VPN-1 product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.