Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Internet Explorer HtmlLayout Remote Code Execution (MS12-010; CVE-2012-0011)


Check Point Reference: CPAI-2012-053
Date Published:
Source: Microsoft Security Bulletin MS12-010
Industry Reference(s): CVE-2012-0011
Protection Provided by: Security Gateway
  • R70
  • R71
  • R75
Who is Vulnerable?
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Vulnerability Description
A remote code execution vulnerability has been reported in Internet Explorer.
Update/Patch Available
Apply patches from: MS12-010
Vulnerability Details
The vulnerability is due to an error in the way Internet Explorer accesses an object that has been deleted. A remote attacker may exploit this issue by enticing a target user to open a specially crafted web-page with an affected version of Internet Explorer. Successful exploitation could allow an attacker to gain the same user rights as a logged-on user.

Protection Overview
This protection will detect and block attempts to open a specially crafted web-page.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75 / R71 / R70

How Can I Protect My Network?

  1. In the IPS tab, click Protections and find the Internet Explorer HtmlLayout Remote Code Execution (MS12-010) protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Internet Explorer HtmlLayout remote code execution (MS12-010)