Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Internet Explorer Selection Handling Memory Corruption (MS11-050; CVE-2011-1261)

Subscribe

Check Point Reference: CPAI-2011-308
Date Published:
Severity:
Last Updated:
Source: Microsoft Security Bulletin MS11-050
Industry Reference(s): CVE-2011-1261
Protection Provided by: Security Gateway
  • R75
  • R71
  • R70
VPN-1
  • NGX R65
VSX
  • NGX R65
IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Internet Explorer 6 for Windows XP Service Pack 3
Internet Explorer 6 for Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 6 for Windows Server 2003 Service Pack 2
Internet Explorer 6 for Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 6 for Windows Server 2003 with SP2 for Itanium-based Systems
Internet Explorer 7 for Windows XP Service Pack 3
Internet Explorer 7 for Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 7 for Windows Server 2003 Service Pack 2
Internet Explorer 7 for Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 7 for Windows Server 2003 with SP2 for Itanium-based Systems
Internet Explorer 7 in Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Internet Explorer 7 in Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Internet Explorer 8 for Windows XP Service Pack 3
Internet Explorer 8 for Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 8 for Windows Server 2003 Service Pack 2
Internet Explorer 8 for Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 8 in Vista Service Pack 1 and Windows Vista Service Pack 2
Internet Explorer 8 in Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 8 in Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Internet Explorer 8 in Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1
Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Internet Explorer 9 for Windows Vista Service Pack 2
Internet Explorer 9 for Windows Vista x64 Edition Service Pack 2
Internet Explorer 9 for Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 9 for Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 9 for Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Internet Explorer 9 for Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Internet Explorer 9 for Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1
Vulnerability Description
A remote code execution vulnerability has been reported in the way that Microsoft Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker could exploit this vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. Successful exploitation of this vulnerability could gain the same user rights as the logged-on user, allowing the attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
Update/Patch Available
Apply patches from Microsoft Security Bulletin MS11-050
Vulnerability Details
This is a remote code execution vulnerability. When Internet Explorer attempts to access an object that has not been initialized or has been deleted, it may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user. Successful exploitation of this vulnerability could gain the same user rights as the logged-on user, allowing the attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

Protection Overview
This protection detects and blocks attempts to exploit this vulnerability.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75 / R71 / R70

How Can I Protect My Network?

  1. In the IPS tab, click Protections and find the Internet Explorer Selection Handling Memory Corruption (MS11-050) protection using the Search tool and Edit the protection's settings. 
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?

SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation 
Attack Information: Internet Explorer Selection Handling Memory Corruption (MS11-050)

IPS-1 & IPS1-NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > HTML, and select the Internet Explorer protection group.
3. Click Internet Explorer Selection Object Memory Corruption (MS11-050) (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: Internet Explorer Vulnerabilities
Description: Internet Explorer Selection Object Memory Corruption (MS11-050)