Check Point Advisories

Microsoft Windows Scripting Engines Script Encoding Code Execution (MS08-022; CVE-2008-0083)

Vulnerability
Protection

Check Point Reference:	CPAI-2008-028
Date Published:	8 Apr 2008
Severity:	Critical
Last Updated:	Tuesday 08 April, 2008
Source:
Industry Reference:	CVE-2008-0083
Protection Provided by:	Security Gateway R81, R80, R77, R75, R71, R70, R65
Who is Vulnerable?
Vulnerability Description	VBScript stands for Microsoft Visual Basic Scripting Edition that includes Web client scripting in Microsoft Internet Explorer and Web server scripting in Microsoft Internet Information Service. JScript is the Microsoft implementation of the ECMA 262 language specification (ECMAScript Edition 3). The vulnerability is due to an error in the scripting engines in Microsoft Internet Explorer that fail to properly decode certain scripts in web pages. To trigger this issue, an attacker could convince a user to visit a malicious web page that will exploit this flaw. Successful exploitation of this vulnerability may allow the attacker to execute arbitrary code on a vulnerable system.

Protection Overview

This protection will detect and block any attempt to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70 / R65

In the IPS tab, click Protections and find the Microsoft Windows Scripting Engines Script Encoding Code Execution (MS08-022) protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Web Client Enforcement Violation.
Attack Information: Microsoft Windows Scripting Engines script encoding code execution (MS08-022)