Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Three Critical Remote Code Execution Vulnerabilities Discovered in Microsoft Internet Explorer 9


( Microsoft Security Bulletin MS12-071, CVE-2012-1538CVE-2012-1539CVE-2012-4775 )

Summary


Three critical remote code execution vulnerabilities have been disclosed in Internet Explorer (IE) 9. The Check Point IPS Software Blade provides network protection for unpatched systems against all three issues.

Details


The vulnerabilities are due to Internet Explorer 9's improper handling of objects that have either been deleted or not properly initialized. A remote attacker can exploit these issues by enticing a target user to open a maliciously crafted web page. Successful exploitation could allow an attacker to execute arbitrary code in the security context of the logged-on user.

Solution


Check Point recommends deploying the updates described in MS12-071 as soon as is practical. In the meantime, the Check Point IPS Software Blade provides protection for unpatched systems against all three issues in the latest IPS update by detecting and blocking attempts to open web pages that attempt to exploit the vulnerabilities. For more information, see CPAI-2012-803CPAI-2012-805, and CPAI-2012-807.

 

Originally Published:

Last Updated: 14-Nov-2012

Legal Notice for Threat Center Advisories