Check Point Reference: | CPAI-2011-572 |
Date Published: | 13 Dec 2011 |
Severity: | High |
Last Updated: | Tuesday 13 December, 2011 |
Source: | |
Industry Reference: | CVE-2011-2019 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | |
Vulnerability Description | A remote code execution vulnerability has been reported in Internet Explorer (IE). The vulnerability is due to an error in the way IE restricts the path used for loading external libraries. A remote attacker could exploit this vulnerability by enticing a user to open a legitimate HTML file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Successful exploitation could allow an attacker to execute arbitrary code in the security context of the logged-on user. |
This protection will detect and block the transferring of malicious DLL files over a network share.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Windows SMB Protection Violation.
Attack Information: Internet Explorer insecure library loading code execution (MS11-089)