Three Critical Remote Code Execution Vulnerabilities Discovered in Microsoft Internet Explorer 9
(Microsoft Security Bulletin MS12-071, CVE-2012-1538, CVE-2012-1539, CVE-2012-4775)
Summary
Three critical remote code execution vulnerabilities have been disclosed in Internet Explorer (IE) 9. The Check Point IPS Software Blade provides network protection for unpatched systems against all three issues.
Details
The vulnerabilities are due to Internet Explorer 9's improper handling of objects that have either been deleted or not properly initialized. A remote attacker can exploit these issues by enticing a target user to open a maliciously crafted web page. Successful exploitation could allow an attacker to execute arbitrary code in the security context of the logged-on user.
Solution
Check Point recommends deploying the updates described in MS12-071 as soon as is practical. In the meantime, the latest IPS update for the Check Point IPS Software Blade protects unpatched systems against all three issues by detecting and blocking attempts to open web pages crafted to exploit the vulnerabilities. For more information, see CPAI-2012-803, CPAI-2012-805, and CPAI-2012-807.
Originally Published:
Last Updated: 14-Nov-2012