Internet Explorer 7 Vulnerability
 |
 |
 |
 |
Customers using VPN-1® NGX R65, R62, and VSX NGX R65 are protected against an XML parsing remote code execution vulnerability in Microsoft Internet Explorer 7.
The vulnerability is due to the way Internet Explorer handles data bindings. It can be exploited by convincing a user to open a maliciously crafted HTML file with Internet Explorer, causing the browser to crash and allowing execution of arbitrary commands.
SmartDefense Services provided a protection that blocks attacks that use this vulnerability on December 11. This update could be immediately downloaded by administrators and applied to entire organizations, providing immediate protection without having to configure individual endpoints. Microsoft did not release the related patch until December 17.
For more information, see CPAI-2008-187 and Check Point’s Media Alert.