Update Protection against JScript Scripting Engine Web Pages Decoding Code Execution Vulnerability (MS09-045)
| Check Point Reference: | CPAI-2009-181 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS09-045 | |
| Industry Reference(s): | CVE-2009-1920 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? JScript 5.6 on: Microsoft Windows 2000 SP4 Windows Server 2003 SP2 Windows Server 2003 for x64-based Systems SP2 Windows Server 2003 (Itanium) SP2 Windows XP SP2 Windows XP Professional x64 Edition SP2 JScript 5.7 on: JScript 5.8 on: | ||
| Vulnerability Description A remote code execution vulnerability has been reported in the way that the JScript scripting engine decodes script in Web pages. JScript is an interpreted, object-based scripting language that is often used to make Web sites more flexible or interactive. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted Web page. Successful exploitation could result in execution of arbitrary code on the affected system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS09-045 |
|
|
Vulnerability Details The vulnerability is due to a memory corruption error in the JScript scripting engine when it attempts to load the decoded script into memory in order to run it. A remote attacker could exploit this issue by convincing a user to visit a malicious Web page. Successful exploitation of this issue may lead to a crash in Internet Explorer and may allow remote code execution on the affected system. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.