Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Microsoft DirectX SAMI Files Parsing Code Execution Vulnerability (MS07-064)

Subscribe

Check Point Reference: CPAI-2007-141
Date Published:
Severity:
Source: Microsoft Security Bulletin MS07-064
Industry Reference(s): CVE-2007-3901
Protection Provided by: VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
Who is Vulnerable?
Microsoft DirectX 6.4
Microsoft DirectX 7.0
Microsoft DirectX 8.1
Vulnerability Description
A remote code execution vulnerability has been reported in Microsoft DirectX. Microsoft DirectX is a set of libraries that aim for accelerated video and audio experience on Microsoft Windows operating system. DirectX can parse various file formats which include SAMI files. Synchronized Accessible Media Interchange (SAMI) files are text files that contain the text strings used for synchronized closed captions, subtitles, and audio descriptions. A remote attacker can exploit this vulnerability via a specially crafted SAMI file. Successful exploitation of the vulnerability allows execution of arbitrary code on a vulnerable system.
Update/Patch Available
Apply patches:
Microsoft Security Bulletin MS07-064
Vulnerability Details
The vulnerability is due to errors in Microsoft DirectX that fails to properly handle malformed SAMI files. A remote attacker could trigger this flaw via a specially crafted SAMI file. Successful exploitation allows execution of arbitrary code once a malformed SAMI file is being loaded on a vulnerable system.

Protection Overview
By enabling this protection, SmartDefense will detect and block the transferring of malformed SAMI files over HTTP.

In order for the protection to be activated, update your VPN-1 product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The update released on December 30, 2007 includes the following protections:

Microsoft DirectX SAMI Files Parsing Vulnerability (MS07-064) – CPAI-2007-141
Microsoft Windows Media Format ASF Parsing Vulnerability (MS07-068) – CPAI-2007-142
Recent Malware Threats (30-Dec-07) – (CPAI-2007-143)

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Content Protection > Malformed SAMI Files (MS07-064).
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Content Protection Violation
Attack Information: Malformed SAMI file detected (MS07-064)

VPN-1 NGX R61 & R60

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:

Malformed SAMI Files (MS07-064)

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Content Protection Violation
Attack Information: Malformed SAMI file detected (MS07-064)