HighProventia Network MFS, Proventia-G 1.1 and earlier, IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, RealSecure Network, Proventia Network IPS, IBM Security Host Protection for Desktops, Proventia Network IDS, IBM Security Host Protection for Servers (Unix), Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:
This signature detects an http redirect which can cause memory corruption in internet explorer.
High
Proventia Network MFS: XPU 31.060, Proventia-G 1.1 and earlier: XPU 31.060, IBM Security Host Protection for Servers (Windows): 2.1.14.2650, RealSecure Server Sensor: XPU 31.060, RealSecure Network: XPU 31.060, Proventia Network IPS: XPU 31.060, IBM Security Host Protection for Desktops: 2650, Proventia Network IDS: XPU 31.060, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Server IPS for Linux technology: 31.060, Virtual Server Protection for Vmware: XPU 31.060
Microsoft Internet Explorer: 7.0, Microsoft Internet Explorer: 8.0, Microsoft Internet Explorer: 9.0
Unauthorized Access Attempt
Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error related to HTTP redirect when attempting to access objects that have not been correctly initialized or have been deleted. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code with privileges of the victim.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS11-050
Cumulative Security Update for Internet Explorer (2530548)
http://www.microsoft.com/technet/security/bulletin/ms11-050.mspx
ZDI-11-196
Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-196/
Microsoft Security Bulletin MS11-057
Cumulative Security Update for Internet Explorer (2559049)
http://www.microsoft.com/technet/security/bulletin/ms11-057.mspx
Microsoft Security Bulletin MS11-081
Cumulative Security Update for Internet Explorer (2586448)
http://www.microsoft.com/technet/security/bulletin/ms11-081.mspx
Microsoft Security Bulletin MS11-099
Cumulative Security Update for Internet Explorer (2618444)
http://technet.microsoft.com/en-us/security/bulletin/MS11-099
Microsoft Security Bulletin MS12-010
Cumulative Security Update for Internet Explorer (2647516)
http://technet.microsoft.com/en-us/security/bulletin/ms12-010
Microsoft Security Bulletin MS12-023
Cumulative Security Update for Internet Explorer (2675157)
http://technet.microsoft.com/en-us/security/bulletin/ms12-023
ZDI-11-196
Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-196
Microsoft Security Bulletin MS12-037
Cumulative Security Update for Internet Explorer (2699988)
http://technet.microsoft.com/en-us/security/bulletin/ms12-037
Microsoft Security Bulletin MS12-044
Cumulative Security Update for Internet Explorer (2719177)
http://technet.microsoft.com/en-us/security/bulletin/ms12-044
Microsoft Security Bulletin MS12-052
Cumulative Security Update for Internet Explorer (2722913)
http://technet.microsoft.com/en-us/security/bulletin/ms12-052
ZDI-11-196
Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-196
ZDI-11-196
Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-196
ISS X-Force
Microsoft Internet Explorer HTTP redirect code execution
http://www.iss.net/security_center/static/67954.php
CVE
CVE-2011-1262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1262