|Check Point Reference:||CPAI-2013-1695|
|Date Published:||14 May 2013|
|Last Updated:||11 Jan 2017|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||A buffer overflow vulnerability has been reported in Internet Explorer while accessing a dynamic array of attributes of a VML shape object. The vulnerability is due to insufficient correctness check of a VML shape object attribute and may lead to memory corruption in such a way that will allow code execution in the context of the current user. A remote attacker could trigger this flaw by convincing a victim to open a malicious HTML file.|
This protection will detect and block attempts to open a maliciously crafted URL.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Web Client Enforcement Violation.
Attack Information: Internet Explorer vml objects use after free (MS13-037)