Microsoft Security

A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

• Check Point Response
• Internet Explorer Scroll Event Memory Corruption (MS11-081; CVE-2011-1993) Release Date:

A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

• Check Point Response
• Microsoft Internet Explorer Uninitialized Pointer Dereference (MS11-081; CVE-2011-1995) Release Date:

A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

• Check Point Response
• Internet Explorer Option Element Memory Corruption (MS11-081; CVE-2011-1996) Release Date:

A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

• Check Point Response
• Internet Explorer OnLoad Event Memory Corruption (MS11-081; CVE-2011-1997) Release Date:

A remote code execution vulnerability exists in the way that Internet Explorer accesses a dereferenced memory address. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

• Check Point Response
• Microsoft Internet Explorer Element Index Memory Corruption (MS11-081; CVE-2011-1999) Release Date:

A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

• Check Point Response
• Internet Explorer Body Element Memory Corruption (MS11-081; CVE-2011-2000) Release Date:

A remote code execution vulnerability exists in the way that Internet Explorer accesses a virtual function table after it has been corrupted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

• Check Point Response
• Internet Explorer Virtual Function Table Memory Corruption (MS11-081; CVE-2011-2001) Release Date:

An HTTP response splitting vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG) server where JavaScript can be injected back to the user in the resulting page, effectively allowing attacker-controlled JavaScript to run in the context of the user clicking the link.

• Check Point Response
• Microsoft Forefront UAG ExcelTable Information Disclosure (MS11-079; CVE-2011-1895) Release Date:

An XSS vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG) server where JavaScript can be injected back to the user in the resulting page, effectively allowing attacker-controlled JavaScript to run in the context of the user clicking the link.

• Check Point Response
• Microsoft ForeFront ExcelTable Data Cross-Site Scripting (MS11-079) Release Date:

An XSS vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG) server where JavaScript can be injected back to the user in the resulting page, effectively allowing attacker-controlled JavaScript to run in the context of the user clicking the link.

• Check Point Response
• Preemptive Protection against Microsoft Forefront UAG ExcelTable Reflected XSS Information Disclosure (MS11-079; CVE-2011-1896) Release Date:

An XSS vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG) server where JavaScript can be injected back to the user in the resulting page, effectively allowing attacker-controlled JavaScript to run in the context of the user clicking the link.

• Check Point Response
• Microsoft ForeFront Default Portal Cross-Site Scripting (MS11-079) Release Date:

An XSS vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG) server where JavaScript can be injected back to the user in the resulting page, effectively allowing attacker-controlled JavaScript to run in the context of the user clicking the link.

• Check Point Response
• Preemptive Protection against Microsoft Forefront UAG Default Reflected XSS Information Disclosure (MS11-079; CVE-2011-1897) Release Date:

Microsoft Forefront Unified Access Gateway (UAG) applies a signed Java applet that can be leveraged by malicious Web sites to cause remote code execution on any Java-enabled Web browser.

• Check Point Response
• Microsoft Forefront UAG Poisoned Cup of Code Execution (MS11-079; CVE-2011-1969) Release Date:

A denial of service vulnerability exists in implementations of Microsoft Forefront Unified Access Gateway (UAG). When this occurs, an attacker could leverage the vulnerability to stop the IIS worker process and deny access to Web services on the affected system.

• Check Point Response
• Microsoft Forefront UAG Session Cookie Denial of Service (MS11-079; CVE-2011-2012) Release Date:

A remote code execution vulnerability exists in the way that the Microsoft .NET Framework and Silverlight framework restrict inheritance within classes. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Check Point Response
• Microsoft .Net and Silverlight Framework Remote Code Execution (MS11-078; CVE-2011-1253) Release Date:

A remote code execution vulnerability exists in the Windows kernel due to improper handling of a specially crafted .fon font file. The vulnerability could allow an attacker to run code in kernel-mode and then install programs; view, change, or delete data; or create new accounts with full administrative rights.

• Check Point Response
• Portable Executable (PE) 16-bit File Release Date:

A remote code execution vulnerability exists in the Windows kernel due to improper handling of a specially crafted .fon font file. The vulnerability could allow an attacker to run code in kernel-mode and then install programs; view, change, or delete data; or create new accounts with full administrative rights.

• Check Point Response
• Preemptive Protection against Microsoft Windows Kernel Font Library File Buffer Overrun (MS11-077; CVE-2011-2003) Release Date:

A remote code execution vulnerability exists in the way that Windows Media Center handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Check Point Response
• Microsoft Windows Multiple COM Binary Planting Vulnerabilities (MS11-076; CVE-2011-2009) Release Date:

A remote code execution vulnerability exists in the way that the Microsoft Active Accessibility component handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Check Point Response
• Microsoft Active Accessibility DLL Loading Remote Code Execution (MS11-075; CVE-2011-1247) Release Date: