Microsoft Internet Explorer toStaticHTML Cross-Site-Scripting (MS11-050; CVE-2011-1252)
|Check Point Reference:||CPAI-2011-298|
|Source:||Microsoft Security Bulletin MS11-050|
|Protection Provided by:||
Who is Vulnerable?
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
An information disclosure vulnerability exists in the way that Internet Explorer handles content using specific strings when sanitizing HTML. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could inflict cross-site scripting on the user, allowing the attacker to execute script in the user's security context against a site that is using the toStaticHTML API.
Apply patches from Microsoft Security Bulletin MS11-050
This is an information disclosure vulnerability. The vulnerability exists in the way that the toStaticHTML API included in Internet Explorer handles content using specific strings when sanitizing HTML. An attacker who exploited the vulnerability when a user views a Web page that uses the toStaticHTML API could execute scripts in the user's security context against that site.
This protection detects and prevents attempts to exploit this vulnerability.
To configure the defense, select your product from the list below and follow the related protection steps.
Security Gateway R75 / R71 / R70
How Can I Protect My Network?
- In the IPS tab, click Protections and find the Microsoft Internet Explorer toStaticHTML Cross-Site-Scripting (MS11-050) protection using the Search tool and Edit the protection's settings.
- Install policy on all modules.
How Do I Know if My Network is Under Attack?