Preemptive Protection against Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
| Check Point Reference: | CPAI-2009-247 | |
| Date Published: | ||
| Preemptive Since: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Advisory (977981) Microsoft Security Bulletin MS09-072 |
|
| Industry Reference(s): | CVE-2009-3672 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4 Internet Explorer 6 and Internet Explorer 7 on: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 | ||
| Vulnerability Description A memory corruption vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS09-072 |
|
|
Vulnerability Details The vulnerability is due to the way Internet Explorer accesses an object that has been deleted. To trigger this issue, an attacker may create a malicious web page that will cause Internet Explorer to access exit unexpectedly. Successful exploitation of this vulnerability will crash the browser, and may allow execution of arbitrary code on the vulnerable system. |
Protection Overview
This protection detects and blocks HTML pages attempting to exploit this vulnerability. No update is required to address this vulnerability.
Users of the IPS Software Blade in Security Gateway R70, employing the Recommended Protection Profile, are already protected and no additional configuration is needed on their side.
To configure the defense, select your product from the list below and follow the related protection steps.