Update Protection against Microsoft Windows Search Parsing Remote Code Execution Vulnerability (MS08-075)
| Check Point Reference: | CPAI-2008-184 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS08-075 | |
| Industry Reference(s): | CVE-2008-4269 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems Windows Server 2008 for x64-based Systems Windows Server 2008 (Itanium) | ||
| Vulnerability Description A remote code execution vulnerability was reported in Windows Explorer which allows calling the search-ms protocol handler. Windows Search is a standard component of Windows Vista that allows instant search capabilities for most common file and data types. Windows Search has XML-based files that save information about a search in Windows. A remote attacker may exploit this vulnerability to take complete control of an affected system via a specially crafted Web page. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS08-075 |
|
|
Vulnerability Details The vulnerability is due to an error in Internet Explorer that does not correctly interpret parameters when parsing the search-ms protocol. An attacker can trigger this flaw by convincing a user to view a specially crafted HTML document. Successful exploitation of this vulnerability allows execution of arbitrary code on a vulnerable system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your VPN-1 product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.