Multiple Vulnerabilities Discovered in Microsoft Internet Explorer
( Microsoft Security Bulletin MS11-081 )
Summary
Microsoft has reported several critical remote code execution vulnerabilities in Internet Explorer. A remote attacker could exploit these vulnerabilities by enticing a user to visit a maliciously crafted Web page that takes advantage of one or more of them. The Check Point IPS Software Blade provides network protection against these issues.
Affected Products
Consult the Check Point Protection links in the table below to see information on which versions of Internet Explorer are susceptible to specific vulnerabilities.
Solution
Check Point recommends that the patches described in Microsoft Security Bulletin MS11-081 be deployed as soon as is practical. In the meantime, the Check Point IPS Software Blade provides immediate network protection of unpatched systems against all of these issues in the latest IPS update, by detecting and blocking access to specially crafted web pages that exploit the vulnerabilities. The following table lists each issue with the associated CVE reference and Check Point Protection.
| Internet Explorer Vulnerability | Industry Reference | Check Point Protection |
|---|---|---|
| Body Element Memory Corruption | CVE-2011-2000 | CPAI-2011-460 |
| Option Element Memory Corruption | CVE-2011-1996 | CPAI-2011-459 |
| Element Index Memory Corruption | CVE-2011-1999 | CPAI-2011-458 |
| Uninitialized Pointer Dereference | CVE-2011-1995 | CPAI-2011-457 |
| Virtual Function Table Memory Corruption | CVE-2011-2001 | CPAI-2011-456 |
| OnLoad Event Memory Corruption | CVE-2011-1997 | CPAI-2011-455 |
| Scroll Event Memory Corruption | CVE-2011-1993 | CPAI-2011-454 |
Originally Published:
Last Updated: 11-Oct-2011