Check Point IPS Research Team Discovers Microsoft Internet Explorer MSHTML Vulnerability
( Microsoft Security Bulletin MS10-071, CVE-2010-3331 )
Summary
A remote code execution vulnerability has been discovered by the Check Point IPS Research Team in the mshtml.dll component that is part of Microsoft Internet Explorer. It is used by IE and other applications to render HTML content. A remote attacker could exploit this issue by convincing a user to access a maliciously crafted Word document, subsequently allowing remote code execution.
Details
The vulnerability is due to the way the mshtml.dll component of Internet Explorer accesses an object that has not been initialized or has been deleted. To trigger this issue, an attacker can create a malicious Word file with HTML content and convince a user to access the file. When the user closes the document, the vulnerability could allow remote code execution. Successful exploitation may allow the attacker to take complete control of an affected system.
Affected Products
Internet Explorer versions 6, 7, and 8 have this vulnerability. Please consult CPAI-2010-272 for more details.
Solution
Check Point IPS Software Blade , IPS-1, and NGX SmartDefense provide network protection in the latest IPS update by detecting and blocking attempts to exploit this vulnerability.For more information, see CPAI-2010-272.
Acknowledgements
Acknowledgements go to Rodrigo Rubira Branco, a member of the Check Point IPS Research Team, for discovering and reporting this issue.
The Check Point IPS Research team conducts original research on network, protocol and application vulnerabilities. The team also actively monitors and where appropriate communicates with white, black and grayhat communities to identify vulnerabilities and potential exploits before they are introduced into the wild. This research is used to develop and disseminate defenses through relevant Update Services components.
Originally Published:
Last Updated: 15-Oct-2010