Check Point Advisories

Preemptive Protection against Internet Explorer XSLT Object Memory Corruption (MS11-057; CVE-2011-1963)

Check Point Reference: CPAI-2011-370
Date Published: 9 Aug 2011
Severity: Critical
Last Updated: Saturday 01 January, 2011
Source: Microsoft Security Bulletin MS11-057
Industry Reference:CVE-2011-1963
CVE-2010-2558
Protection Provided by:
Who is Vulnerable? Internet Explorer 7 for:

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 & 2
Windows Vista x64 Edition Service Pack 1 & 2
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for Itanium-based Systems Service Pack 2

Internet Explorer 8 for:

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems Internet Explorer 8 for Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Internet Explorer 9 for:

Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack

Vulnerability Description A memory corruption vulnerability has been reported in an XSLT object within Microsoft Internet Explorer. A remote attacker can leverage this vulnerability to execute arbitrary code on an affected system, within the security context of the logged in user.
Update/Patch AvaliableApply patches from:
MS11-057
Vulnerability DetailsThis is a memory corruption vulnerability. The issue is caused due to an error in the way Internet Explorer attempts to access certain objects that have not been initialized or have been deleted. A remote attacker can exploit this vulnerability by enticing an unsuspecting victim to open a malicious web page. Successful exploitation of this vulnerability may cause a memory corruption condition which may allow an attacker to execute arbitrary code on an affected system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK