Microsoft Internet Explorer does not properly validate parameters passed to the MsgBox function. This vulnerability could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1004019
Trend Micro Deep Security DPI Rule Name: 1004019 - Microsoft Internet Explorer win32hlp Remote Code Execution
A complete discussion of the different vulnerability categories, including case studies of vulnerable SCADA HMIs. The paper also provides a guide for vulnerability researchers, as well as vendors on quick and efficient bug discovery.
This paper takes a look at Pawn Storm's operations within the last two years, and how the group has expanded their activities from espionage to the use of cyber propaganda tactics.
Cybercriminals can turn unsecure home routers into slaves for their botnets or even abuse them to steal banking credentials. Know about your router’s hidden weaknesses and the many ways you can defend your homes and businesses against these threats.
