Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Microsoft Internet Explorer toStaticHTML API Cross-Site-Scripting Vulnerability (MS10-072)

Subscribe

Check Point Reference: CPAI-2010-293
Date Published:
Severity:
Last Updated:
Source: Microsoft Security Bulletin MS10-071
Microsoft Security Bulletin MS10-072
Industry Reference(s): CVE-2010-3324
Protection Provided by: Security Gateway
  • R71
  • R70
VPN-1
  • NGX R65
VSX
  • NGX R65
IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Microsoft Windows SharePoint Services 3.0 SP2 (32-bit versions)
Microsoft Windows SharePoint Services 3.0 SP2 (64-bit versions)
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2007 SP2 (32-bit editions)
Microsoft SharePoint Server 2007 SP2 (64-bit editions)
Microsoft Groove Server 2010
Microsoft Office Web Apps

Internet Explorer 8 for:
Windows XP SP3
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP2
Windows Server 2003 x64 Edition SP2
Windows Vista SP1
Windows Vista SP2
Windows Vista x64 Edition SP1
Windows Vista x64 Edition SP2
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems SP2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems SP2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 (Itanium) 
Vulnerability Description
An information disclosure vulnerability has been reported in the way that the toStaticHTML API sanitizes HTML. The toStaticHTML API is used to remove event attributes and script from user input before display as HTML. A remote attacker may exploit this vulnerability to perform cross-site scripting attacks and run script in the security context of the logged-on user. 
Update/Patch Available
Apply patches:
Microsoft Security Bulletin MS10-071
Microsoft Security Bulletin MS10-072
Vulnerability Details
The vulnerability is due to the way that Internet Explorer handles content using specific strings when sanitizing HTML. To exploit this issue, an attacker must have the ability to submit a specially crafted script to a target site. Successful exploitation of this vulnerability could allow the attacker to execute a cross-site scripting attack on the user, allowing the attacker to execute script in the user's security context against a site that is using the toStaticHTML API.

Protection Overview
This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense,go to SBP-2006-05Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway: R70/R71

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > Web Intelligence > HTTP Client Protections > Microsoft Internet Explorer Vulnerabilities.
2. In the right pane, double-click the Internet Explorer toStaticHTML API Cross-Site-Scripting (MS10-072) protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Internet Explorer toStaticHTML API cross-site-scripting (MS10-072)

VPN-1 NGX R65 & VSX NGX R65

How Can I Protect My Network?
1. In the SmartDefense tab, click Web Intelligence > HTTP Client Protections > Microsoft Internet Explorer Vulnerabilities > Internet Explorer toStaticHTML API Cross-Site-Scripting (MS10-072).
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Internet Explorer toStaticHTML API cross-site-scripting (MS10-072)

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > HTML, and select the Internet Explorer protection group.
3. Click Internet Explorer toStaticHTML API Cross-Site-Scripting (MS10-071) (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: Internet Explorer Vulnerabilities
Description: Internet Explorer toStaticHTML API Cross-Site-Scripting (MS10-071)