»Internet Explorer iepeers.dll Remote Code Execution Vulnerability
(Security Advisory 981374, CVE-2010-0806)
On March 9th Microsoft warned of a zero-day remote code execution vulnerability in Microsoft Internet Explorer that is being used in targeted attacks. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer which will cause the browser to crash and may allow execution of arbitrary commands.
The vulnerability reportedly affects IE 6 and 7 which still holds 53% of the browser market share*, while Internet Explorer 5 and 8 are not affected. The vendor reports that the vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution. As of March 10th 2010 a patch is not currently available.
Check Point provides immediate protection against this zero-day vulnerability through its integrated IPS offerings. Check Point SmartDefense and IPS Software Blade detect and block attempts to exploit this vulnerability. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. For more information, see CPAI-2010-044.
* NETMARKETSHARE Browser Version Market Share 2009
March 10, 2010
©Copyright 2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065