Check Point Reference: | CPAI-2007-305 |
Date Published: | 6 Dec 2009 |
Severity: | High |
Last Updated: | Sunday 06 December, 2009 |
Source: | |
Industry Reference: | CVE-2007-2223 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | |
Vulnerability Description | Microsoft Windows is shipped with an XML processing framework, named MSXML or Microsoft XML Core services. The framework is used by applications shipped with the operating system as well as third party applications. The most popular application using this framework is Internet Explorer, which can transform XML files using XSL style sheets. There exists an integer overflow vulnerability in Microsoft XML Core Services. The vulnerability is caused due to lack of a parameter verification in the substringData method of various MSXML ActiveX controls. A remote attack can exploit these vulnerability by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the current user. An attack targeting this vulnerability can result in arbitrary code execution. If command execution is successful, the behavior of the target will depend on the intention of the attacker. Any command will be executed within the security context of the currently logged in user. In an attack case where code injection is not successful, the Internet Explorer will terminate abnormally. |
This protection will detect and block attempts to exploit this vulnerability
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Web Client Enforcement Violation.
Attack Information: Microsoft XML Core services memory corruption (MS07-042)