Check Point Advisories

Internet Explorer VML Objects Use After Free (MS13-037; CVE-2013-2551)

Check Point Reference: CPAI-2013-1695
Date Published: 14 May 2013
Severity: Critical
Last Updated: 11 Jan 2017
Industry Reference:CVE-2013-2551
Protection Provided by:

Security Gateway
R80, R77, R76, R75, R71, R70

Who is Vulnerable?
Vulnerability Description A buffer overflow vulnerability has been reported in Internet Explorer while accessing a dynamic array of attributes of a VML shape object. The vulnerability is due to insufficient correctness check of a VML shape object attribute and may lead to memory corruption in such a way that will allow code execution in the context of the current user. A remote attacker could trigger this flaw by convincing a victim to open a malicious HTML file.

Protection Overview

This protection will detect and block attempts to open a maliciously crafted URL.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R76 / R75 / R71 / R70

  1. In the IPS tab, click Protections and find the Internet Explorer VML Objects Use After Free (MS13-037) protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

This protection's log will contain the following information:

Attack Name:  Web Client Enforcement Violation.
Attack Information:  Internet Explorer vml objects use after free (MS13-037)