|Check Point Reference:||SBP-2006-12|
|Date Published:||18 Oct 2006|
|Last Updated:||21 Jun 2011|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||Heap spraying is a new and increasingly popular technique to exploit vulnerabilities in Internet browsers. Heap spraying is used by attackers to implant a shell code on a target system. Shell code is a piece of executable code that opens a command shell that the attacker can control remotely. Microsoft Internet Explorer (IE) is prone to multiple code execution vulnerabilities. These vulnerabilities exist in various Active X control objects and in many Dynamic Link Library (DLL) files. The most effective way to exploit these vulnerabilities is by implanting a shell code in a specially crafted DLL file or COM object, using the heap spray technique. Heap spraying takes place when the vulnerable program (e.g. Microsoft Internet Explorer) 'calls' or 'jumps' into invalid memory. By convincing a user to visit a specially crafted web page, a remote attacker could trigger these vulnerabilities to deny service from legitimate users (by causing the victim's Web browser to crash), execute arbitrary code and take complete control over an affected system.|
The protection addresses Internet Explorer vulnerabilities by blocking a large number of known shell code exploits.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Web Client Enforcement Violation.
Attack Information: Internet Explorer Heap Spray shell code execution (MS06-055 MS06-067)