Check Point Advisories

Preemptive Protection against Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability

Check Point Reference: CPAI-2009-247
Date Published: 24 Nov 2009
Severity: Critical
Last Updated: Tuesday 08 December, 2009
Source: Microsoft Security Advisory (977981)
Microsoft Security Bulletin MS09-072
Industry Reference:CVE-2009-3672
Protection Provided by:
Who is Vulnerable? Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
Internet Explorer 6 and Internet Explorer 7 on:
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Vulnerability Description A memory corruption vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS09-072
Vulnerability DetailsThe vulnerability is due to the way Internet Explorer accesses an object that has been deleted. To trigger this issue, an attacker may create a malicious web page that will cause Internet Explorer to access exit unexpectedly. Successful exploitation of this vulnerability will crash the browser, and may allow execution of arbitrary code on the vulnerable system.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.