Check Point Advisories

Internet Explorer Heap Spray Shell Code Execution (MS06-055 MS06-067; CVE-2006-4868; CVE-2006-4777; CVE-2006-4446; CVE-2009-2991)

Check Point Reference: SBP-2006-12
Date Published: 18 Oct 2006
Severity: High
Last Updated: 21 Jun 2011
Source:
Industry Reference:CVE-2006-4868
CVE-2006-4777
CVE-2006-4446
CVE-2009-2991
Protection Provided by:

Security Gateway
R80, R77, R76, R75, R71, R70

Who is Vulnerable?
Vulnerability Description Heap spraying is a new and increasingly popular technique to exploit vulnerabilities in Internet browsers. Heap spraying is used by attackers to implant a shell code on a target system. Shell code is a piece of executable code that opens a command shell that the attacker can control remotely. Microsoft Internet Explorer (IE) is prone to multiple code execution vulnerabilities. These vulnerabilities exist in various Active X control objects and in many Dynamic Link Library (DLL) files. The most effective way to exploit these vulnerabilities is by implanting a shell code in a specially crafted DLL file or COM object, using the heap spray technique. Heap spraying takes place when the vulnerable program (e.g. Microsoft Internet Explorer) 'calls' or 'jumps' into invalid memory. By convincing a user to visit a specially crafted web page, a remote attacker could trigger these vulnerabilities to deny service from legitimate users (by causing the victim's Web browser to crash), execute arbitrary code and take complete control over an affected system.

Protection Overview

The protection addresses Internet Explorer vulnerabilities by blocking a large number of known shell code exploits.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R76 / R75 / R71 / R70

  1. In the IPS tab, click Protections and find the Internet Explorer Heap Spray Shell Code Execution (MS06-055 MS06-067) protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

This protection's log will contain the following information:

Attack Name:  Web Client Enforcement Violation.
Attack Information:  Internet Explorer Heap Spray shell code execution (MS06-055 MS06-067)

This website uses cookies to ensure you get the best experience. More Info Got it, Thanks!