Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Critical Remote Code Execution Vulnerability in Internet Explorer Disclosed


Microsoft Security Bulletin MS12-077CVE-2012-4787 )

Summary


A critical vulnerability in Microsoft Internet Explorer could be exploited by an attacker and allow her to execute malicious code on a targeted computer. The Check Point IPS Software Blade provides immediate protection of unpatched systems against this issue.

Details


The vulnerability is due to how Internet Explorer accesses an object that has not been correctly initialized or has been deleted. This can corrupt system memory in such a way that an attacker could execute arbitrary code on a targeted system after enticing the user to visit a maliciously crafted web page.

Affected Products

The following products are vulnerable:

  • Internet Explorer 9 for Windows Vista Service Pack 2
  • Internet Explorer 9 for Windows Vista x64 Edition Service Pack 2
  • Internet Explorer 9 for Windows Server 2008 for 32-bit Systems Service Pack 2
  • Internet Explorer 9 for Windows Server 2008 for x64-based Systems Service Pack 2
  • Internet Explorer 9 for Windows 7 for 32-bit Systems 
  • Internet Explorer 9 for Windows 7 for 32-bit Systems Service Pack 1
  • Internet Explorer 9 for Windows 7 for x64-based Systems 
  • Internet Explorer 9 for Windows 7 for x64-based Systems Service Pack 1
  • Internet Explorer 9 for Windows Server 2008 R2 for x64-based Systems 
  • Internet Explorer 9 for Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Internet Explorer 10 in Windows 8 for 32-bit Systems
  • Internet Explorer 10 in Windows 8 for 64-bit Systems 
  • Internet Explorer 10 in Windows Server 2012 
  • Internet Explorer 10 in Windows RT

Solution

Check Point recommends deploying the update described in MS12-077 as soon as is practical. The Check Point IPS Software Blade provides protection of unpatched systems at the network level by detecting and blocking attempts to open maliciously crafted web pages. For more information, see CPAI-2012-1252.

 

Originally Published:

Last Updated: 12-Dec-2012

Legal Notice for Threat Center Advisories