Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Check Point IPS Protects Against Nine Vulnerabilities Discovered in Microsoft Internet Explorer


( Microsoft Security Bulletin MS11-050 )

Summary


Nine vulnerabilities have been discovered in Microsoft Internet Explorer, eight of which are remote code execution issues. The ninth, CVE-2011-1261, can result in information disclosure and allow cross-site scripting. A remote attacker could exploit any one of these vulnerabilities by constructing a specially crafted Web page that takes advantage of it.

Affected Products

These issues affect Internet Explorer on the 32 and 64 bit versions of the following operating systems :

  • Internet Explorer 8:
    • Windows XP
    • Windows Server 2003
    • Windows Vista
    • Windows Server 2008 and 2008 R2
    • Windows 7
  • Internet Explorer 9:
    • Windows Vista
    • Windows Server 2008 and 2008 R2
    • Windows 7

Solution


The Check Point IPS Software Blade provides immediate network protection against all of these issues in the latest IPS update by detecting and blocking access to specially crafted web pages that exploit the vulnerabilities. The following table lists each issue with its severity as well as the associated CVE reference and Check Point Protection.

Internet Explorer VulnerabilitySeverity Industry Reference Check Point Protection
toStaticHTML Cross-Site Scripting High CVE-2011-1252 CPAI-2011-298
Redirect CDL Protocol Memory Corruption Critical CVE-2011-1262 CPAI-2011-299
HTML Null Element Memory Corruption Critical CVE-2011-1251 CPAI-2011-300
Link Properties Handling Memory Corruption Critical CVE-2011-1250 CPAI-2011-301
Handling Layout Memory Corruption Critical CVE-2011-1254  CPAI-2011-302
Time Element Memory Corruption Critical CVE-2011-1255  CPAI-2011-303
Layout Remote Code Execution Critical CVE-2011-1260  CPAI-2011-305
DOM Modification Remote Code Execution Critical CVE-2011-1256 CPAI-2011-306
Selection Handling Memory Corruption High CVE-2011-1261  CPAI-2011-308

 

Originally Published:

Last Updated: 14-Jun-2011

Legal Notice for Threat Center Advisories