Internet Explorer Vulnerabilities

Microsoft has released a security update addressing three remote code execution vulnerabilities in Internet Explorer. Attackers could exploit these vulnerabilities through a specially-constructed webpage that, when browsed by the victim computer, would allow them to execute remote code on the victim computer.

Details

The following Internet Explorer vulnerabilities are included in this update:

CVE-2009-1919
This vulnerability results from the way Internet Explorer accesses an object that has been deleted. When Internet Explorer attempts to access an object that has been deleted, it may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user. See CPAI-2009-143 for details and protection information.

CVE-2009-1918
This vulnerability results from the way that Internet Explorer handles table operations in specific situations. When Internet Explorer handles table operations in specific situations, it may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user. See CPAI-2009-141 for details and protection information.

CVE-2009-1917
This vulnerability results from the way that Internet Explorer handles a memory object. When Internet Explorer attempts to access an object that has been deleted, memory may be corrupted in such a way that an attacker could execute arbitrary code in the context of the logged-on user. See CPAI-2009-139 for details and protection information.

Protection

Check Point provides immediate protection against these vulnerabilities to its enterprise customers through its integrated IPS offerings, Check Point IPS Software Blade and SmartDefense.