Update Protection against Microsoft Word Malformed String Memory Corruption Vulnerability (MS07-060)
| Check Point Reference: | CPAI-2007-123 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS07-060 | |
| Industry Reference(s): | CVE-2007-3899 |
|
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Word 2000 Microsoft Word 2002 Microsoft Word 2004 for Mac | ||
| Vulnerability Description A remote code execution vulnerability has been identified in Microsoft Word. Microsoft Word is a popular word processing software. A remote attacker could exploit this issue via a malformed DOC file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS07-060 |
|
|
Vulnerability Details The vulnerability is due to a boundary error in Microsoft Word that fails to properly handle malformed DOC files. A remote attacker could trigger this flaw by convincing a victim to open a specially crafted Word file with a malformed string. Successful exploitation of this issue may allow execution of arbitrary code on a vulnerable system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the transferring of malformed DOC files over HTTP.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The Update released on October 28, 2007 includes the following protections:
OpenOffice TIFF File Parsing Integer Overflow Vulnerability (CPAI-2007-120)
Microsoft Windows Kodak Image Viewer Vulnerability (MS07-055) - CPAI-2007-121
Microsoft Visual Studio PDWizard.ocx ActiveX Control Vulnerability (CPAI-2007-122)
Microsoft Word Malformed String Memory Corruption Vulnerability (MS07-060) - CPAI-2007-123
Microsoft Windows RPC NTLMSSP Authentication DoS Vulnerability (MS07-058) - CPAI-2007-124
New Feature for the Block FTP Brute Force Attacks Protection (SBP-2007-09)
Blocking QQ Instant Messenger (SBP-2007-10)
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Content Protection > Block Malformed Word MAC5 Files (MS07-060).
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed Word MAC5 file detected (MS07-060)
VPN-1 NGX R61 & R60
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Block Malformed Word MAC5 Files (MS07-060)
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed Word MAC5 file detected (MS07-060)
InterSpect NGX
How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2. In the SmartDefense tree, click Application Intelligence > Content Protection.
3. Select the following:
Block Malformed Word MAC5 Files (MS07-060)
4. In the configuration pane, check the Block Malformed Word MAC5 Files (MS07-060) protection.
5. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed Word MAC5 file detected (MS07-060)