Update Protection against Microsoft Internet Explorer Cross-Domain Information Disclosure Vulnerability (MS08-058)
| Check Point Reference: | CPAI-2008-159 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS08-058 | |
| Industry Reference(s): | CVE-2008-3474 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Internet Explorer 5.01 Internet Explorer 6 Internet Explorer 6 SP1 Internet Explorer 7 | ||
| Vulnerability Description An information disclosure vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS08-058 |
|
|
Vulnerability Details The vulnerability is due to an error in Internet Explorer that fails to correctly interpret the origin of scripts. An attacker can trigger this flaw by convincing a user to view a specially crafted HTML document. Successful exploitation of this issue may allow the attacker to read cookies or other data from another domain or Internet Explorer security zone. |
Protection Overview
By enabling this protection, SmartDefense will detect and block attempts to exploit this vulnerability. Depending on the traffic mix, activating these protections may result in performance degradation.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.