Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Microsoft Office Art Drawing Records Code Execution Vulnerability (MS10-087)

Subscribe

Check Point Reference: CPAI-2010-308
Date Published:
Severity:
Last Updated:
Source: Microsoft Security Bulletin MS10-087
Industry Reference(s): CVE-2010-3334
Protection Provided by: Security Gateway
  • R71
  • R70
VPN-1
  • NGX R65
VSX
  • NGX R65
IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Microsoft Office XP SSP3
Microsoft Office 2003 SSP3
Microsoft Office 2007 SSP2
Microsoft Office 2010 (32-bit editions)
Microsoft Office 2010 (64-bit editions)
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
Vulnerability Description
A memory corruption vulnerability has been identified in Microsoft Office. Microsoft Office is an office suite of inter-related desktop applications, servers and services for the Microsoft Windows and Mac OS X operating systems. A remote attacker could exploit this issue via a malformed Office file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system.
Update/Patch Available
Apply patches:
Microsoft Security Bulletin MS10-087
Vulnerability Details
The vulnerability is due to an error in Microsoft Office that fails to properly parse specially crafted Office files. A remote attacker could trigger this flaw by convincing a victim to open a malicious Office file. Successful exploitation of this issue may corrupt system memory, allowing execution of arbitrary code on a vulnerable system.

Protection Overview
This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05Protection tab, and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway: R70/R71

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > Application Intelligence > Content Protection.
2. In the right pane, double-click the Microsoft Office Art Drawing Records Code Execution (MS10-087) protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries: 

Attack Name: Content Protection Violation
Attack Information: Microsoft Office art drawing records code execution (MS10-087)

VPN-1 NGX R65 & VSX NGX R65

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence Content Protection.
2. Select the following protection:

Microsoft Office Art Drawing Records Code Execution (MS10-087)

3. In the configuration pane, under Settings > Mode, check Active.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries: 

Attack Name: Content Protection Violation
Attack Information: Microsoft Office art drawing records code execution (MS10-087)

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Application Intelligence > Badfiles, and select the Microsoft Office Parser protection group.
3. Click Microsoft Office Art Drawing Records Code Execution (MS10-087) (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

 

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: Vulnerability in MS-Office file
Description: Microsoft Office Art Drawing Records Code Execution (MS10-087)