Microsoft Internet Explorer HTTP redirect code execution (HTTP_Redirect_Memory_Corruption)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, IBM Security Host Protection for Servers (Unix), Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware, Proventia Network IPS, Proventia-G 1.1 and earlier, Proventia Network MFS, IBM Security Host Protection for Desktops, Proventia Network IDS:

This signature detects an http redirect which can cause memory corruption in internet explorer.


Default risk level

High risk vulnerability  High

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2650, RealSecure Server Sensor: XPU 31.060, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Server IPS for Linux technology: 31.060, Virtual Server Protection for Vmware: XPU 31.060, Proventia Network IPS: XPU 31.060, Proventia-G 1.1 and earlier: XPU 31.060, Proventia Network MFS: XPU 31.060, IBM Security Host Protection for Desktops: 2650, Proventia Network IDS: XPU 31.060

Systems affected

Microsoft Internet Explorer: 7.0, Microsoft Internet Explorer: 8.0, Microsoft Internet Explorer: 9.0

Type

Unauthorized Access Attempt

Vulnerability description

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error related to HTTP redirect when attempting to access objects that have not been correctly initialized or have been deleted. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code with privileges of the victim.

How to remove this vulnerability

Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.

— OR —

Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.

References

Microsoft Security Bulletin MS11-050
Cumulative Security Update for Internet Explorer (2530548)
http://www.microsoft.com/technet/security/bulletin/ms11-050.mspx

ZDI-11-196
Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-196/

Microsoft Security Bulletin MS11-057
Cumulative Security Update for Internet Explorer (2559049)
http://www.microsoft.com/technet/security/bulletin/ms11-057.mspx

Microsoft Security Bulletin MS11-081
Cumulative Security Update for Internet Explorer (2586448)
http://www.microsoft.com/technet/security/bulletin/ms11-081.mspx

Microsoft Security Bulletin MS11-099
Cumulative Security Update for Internet Explorer (2618444)
http://technet.microsoft.com/en-us/security/bulletin/MS11-099

Microsoft Security Bulletin MS12-010
Cumulative Security Update for Internet Explorer (2647516)
http://technet.microsoft.com/en-us/security/bulletin/ms12-010

Microsoft Security Bulletin MS12-023
Cumulative Security Update for Internet Explorer (2675157)
http://technet.microsoft.com/en-us/security/bulletin/ms12-023

ZDI-11-196
Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-196

Microsoft Security Bulletin MS12-037
Cumulative Security Update for Internet Explorer (2699988)
http://technet.microsoft.com/en-us/security/bulletin/ms12-037

Microsoft Security Bulletin MS12-044
Cumulative Security Update for Internet Explorer (2719177)
http://technet.microsoft.com/en-us/security/bulletin/ms12-044

Microsoft Security Bulletin MS12-052
Cumulative Security Update for Internet Explorer (2722913)
http://technet.microsoft.com/en-us/security/bulletin/ms12-052

ZDI-11-196
Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-196

ZDI-11-196
Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-196

ISS X-Force
Microsoft Internet Explorer HTTP redirect code execution
http://www.iss.net/security_center/static/67954.php

CVE
CVE-2011-1262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1262