 | ||
 Security Alert: Microsoft Internet Explorer Vulnerability | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Search this Thread | Display Modes |
 2009-12-08 | |||
| |||
 Security Alert: Microsoft Internet Explorer Vulnerability   Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability(CVE-2009-3672, MS 977981) A memory corruption vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability will cause the browser to crash and may allow the execution of arbitrary commands. This vulnerability is due to the way Internet Explorer accesses an object that has been deleted. To trigger this issue, an attacker creates a malicious web page that will cause Internet Explorer to exit unexpectedly. Successful exploitation of this vulnerability will crash the browser, and may allow execution of arbitrary code on the vulnerable system. There is an exploit available in the wild for this vulnerability. At the time of this writing, there is no patch available from Microsoft. Check Point has provided preemptive network protection against exploits that use this vulnerability since November of 2006. Check Point protection is available through its integrated IPS products, IPS Software Blade, and SmartDefense. This protection detects and blocks HTML pages attempting to exploit this vulnerability. For more information, see CPAI-2009-247. Check Point also provides endpoint protection against this threat through the WebCheck feature of its Endpoint Security product. Although products with anti-virus can stop currently known attack vectors that exploit this latest Microsoft IE vulnerability, that still leaves the user vulnerable to new strains of this attack. Check Point’s browser security technology with virtualization completely stops this attack at the source, including not yet known strains and attack vectors that would by-pass traditional security. For consumers, Check Point ZoneAlarm Extreme Security stops this attack through the same virtualization technology as protects enterprise endpoints. November 25, 2009      You have received this notification because either you have a User Center account or you have subscribed to Check Point Alerts. If you would prefer to no longer receive security alerts and defense notifications please click the “Unsubscribe” link below. Read Check Point's Privacy Policy ©2003–2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065 __________________ Barry J. Stiefel ("Stee-ful") B.S., MBA, CCSA/CCSE/CCSE+/CCSI Resilience RCSE/RCSI, Fortinet FCSE CISSP, MCSE, NSA ISM President, CPUG, CPUG University, CPUG CON  |
|
| Thread Tools | Search this Thread |
| Display Modes | |
| |
Linear Mode
