SmartDefense Security Advisory

Microsoft Internet Explorer Mouse Leave Event Handler Memory Corruption Vulnerability (MS10-018)

Industry Reference: CVE-2010-0267.

A remote code execution vulnerability has been reported in Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.

Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-050.

Microsoft Internet Explorer Post Encoding Information Disclosure Vulnerability (MS10-018)

Industry Reference: CVE-2010-0488.

An information disclosure vulnerability has been reported in the way that Internet Explorer handles content using specific encoding strings when submitting data. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which may allow the attacker to view data from a Web page in another Internet Explorer domain. This protection will detect and block attempts to exploit this vulnerability.

Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-051.

Microsoft Internet Explorer HTML Parsing Race Condition Memory Corruption Vulnerability (MS10-018)

Industry Reference: CVE-2010-0489.

A remote code execution vulnerability has been reported in Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-052.

Microsoft Internet Explorer DOM Operation Memory Corruption Vulnerability (MS10-018)

Industry Reference: CVE-2010-0490.

A remote code execution vulnerability has been reported in Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.

Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-053.

Microsoft Internet Explorer DOM Operation HTML Object Memory Corruption Vulnerability (MS10-018)

Industry Reference: CVE-2010-0491.

A remote code execution vulnerability has been reported in Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.

Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-054.

Microsoft Internet Explorer CSS HTML Object Memory Corruption Vulnerability (MS10-018)

Industry Reference: CVE-2010-0492.

A remote code execution vulnerability has been reported in Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.

Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-055.

Microsoft Internet Explorer Element Cross-Domain Information Disclosure Vulnerability (MS10-018)

Industry Reference: CVE-2010-0494.

An information disclosure vulnerability has been reported in Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which may allow the attacker to view data from a Web page in another Internet Explorer domain. This protection will detect and block attempts to exploit this vulnerability.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-056.

Microsoft Internet Explorer Tabular Control Memory Corruption Vulnerability (MS10-018)

Industry Reference: CVE-2010-0805.

A remote code execution vulnerability has been reported in the way that Internet Explorer manages a long URL in certain situations. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-057.

Microsoft Internet Explorer iepeers.dll Remote Code Execution Vulnerability (MS10-018)

Industry Reference: CVE-2010-0806.

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.

Security Gateway R70: A protection was released in a previous update.
VPN-1 NGX R65 & VSX NGX R65: A protection was released in a previous update.
CPAI-2010-044.

Microsoft Internet Explorer HTML CSS Tag Rendering Memory Corruption Vulnerability (MS10-018)

Industry Reference: CVE-2010-0807.

A remote code execution vulnerability has been reported in Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-058.

Safari JavaScript 'eval' Remote Denial of Service Exploit Vulnerability

Industry Reference: CVE-2009-3272.

A vulnerability was reported in Safari 3.2.3, specifically in the "WebKit.dll" module, which is part of the WebKit layout engine. Safari is reported to crash when interpreting a webpage that calls the "eval" JavaScript function with "A/" repeating 21526 times (43052 bytes). When triggering this vulnerability, Safari will throw a "Stack Overflow" exception, and then an access violation when adjusting the trigger to "A/" repeating 21697 times (43394 bytes). The protection will detect and block JavaScript web pages which try to call the 'eval' function with invalid arguments.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-112.

Mozilla Firefox Browser Engine Memory Corruption Vulnerability

Industry Reference: CVE-2009-3382.

A memory corruption vulnerability was reported in Mozilla Firefox, a popular Web browser developed by Mozilla Foundation. This flaw is due to the way Mozilla Firefox handles first-letter CSS style elements. A remote attacker can exploit this vulnerability by persuading a target user to open a malicious webpage. Successful attacks could allow for code execution. The protection will detect and block HTML documents that misuse the CSS pseudo-element :first-letter.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-113.

Mozilla Firefox JIT escape Function Memory Corruption Vulnerability

Industry Reference: CVE-2009-2477.

A memory corruption vulnerability exists in Mozilla Firefox, a web browser developed by Mozilla Foundation. This flaw is due to the way Mozilla Firefox handles JIT (Just-in-Time) escape Function calls. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious web page. The protection will detect and block HTML files which make invalid use of the unescape JavaScript function.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-114.

Mozilla Firefox Browser Engine Memory Corruption Vulnerability

Industry Reference: CVE-2009-1392.

A memory corruption vulnerability was reported in Mozilla Firefox. This flaw is due to the way Mozilla Firefox handles firstletter CSS style elements. A remote attacker can exploit this vulnerability by persuading a target user to open a malicious webpage. Successful exploitation could allow for remote code execution. This protection will detect and block HTML files that contain an invalid use of the CSS element whiteSpace.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-115.

Mozilla Firefox PKCS11 Module Installation Code Execution Vulnerability

Industry Reference: CVE-2009-3076.

A remote code execution vulnerability was reported in Mozilla Firefox, the popular browser from Mozilla Foundation. The vulnerability is due to improper user messaging when using PKCS11 Module to load DLLs. An attacker can exploit this vulnerability by customizing the dialog message to mislead and trick a user into loading a malicious DLL. This protection will detect and block HTML files attempting to make use of the window.pkcs11 property.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-116.

Mozilla Firefox Top-level Script Object Offset Calculation Memory Corruption Vulnerability

Industry Reference: CVE-2009-3073.

A memory corruption vulnerability exists in Mozilla Firefox web browser. The vulnerability is due to improper calculation of an object offset in a specific case of the top-level script. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation could result in arbitrary code execution. This protection will detect and block HTML files containing invalid JavaScript constructs.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-117.

Mozilla Firefox nsPropertyTable PropertyList Memory Corruption Vulnerability

Industry Reference: CVE-2009-3070.

A memory corruption vulnerability has been reported in Mozilla Firefox web browser. The vulnerability is due to improper handling of PropertyLists in nsPropertyTable while parsing a specially crafted web page. Remote attackers can exploit this vulnerability by convincing a target user to visit a malicious web page, potentially leading to arbitrary code injection and execution on the target system. This protection will detect and block HTML documents with some combination of invalid position property lists.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-118.

Mozilla Firefox Floating Point Number Conversion Memory Corruption Vulnerability

Industry Reference: CVE-2009-1563.

A memory corruption vulnerability exists in Mozilla Firefox Browser. The vulnerability is due to a boundary error when processing overly long floating point numbers. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious web page. Successful exploitation could result in execution of arbitrary code. This protection will detect and block HTML files that contain attempts to convert floating point numbers with an invalid level of precision.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-119.

Apple iPhone Safari 'tel:' URI Handling Remote Denial of Service Vulnerability

Industry Reference: CVE-2009-3271.

The Safari browser on the Apple iPhone is prone to a denial-of-service vulnerability. By persuading a user to visit a specially crafted Web site containing an overly long tel: URI in an iframe, a remote attacker could exploit this vulnerability to cause the device to crash. This protection will detect and block HTML documents containing 'tel:'-style URIs which are over a threshold length.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-120.

April 1, 2010

©2003.2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065