SmartDefense Security Advisory

Check Point's IPS update services protect customers using IPS-1 and IPS-1 NGX R65 from the following vulnerabilities:



Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow Vulnerability

Industry Reference: CVE-2009-1394.

A buffer overflow vulnerability exists in Motorola Timbuktu Pro. Motorola Timbuktu is a remote monitoring and control product available for Microsoft Windows and other operating systems. The flaw is due to a boundary error in data processing. Remote attackers could exploit this vulnerability by sending malformed data to the Timbuktu Pro process. By enabling this protection, IPS-1 will detect and block invalid requests sent to a particular SMB named pipe.

New Protections are available for this vulnerability. See CPAI-2009-203.

Mozilla Firefox SSL Tampering via non-200 Responses to Proxy CONNECT Requests

Industry Reference: CVE-2009-1836.

Mozilla Firefox, Thunderbird and SeaMonkey use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server. A vulnerability was reported in Mozilla Firefox, a freely available Web browser. The vulnerability resides in the handling of non-200 responses after a CONNECT request to a proxy. This can be exploited to execute arbitrary HTML and script code in the requested SSL-protected domain. By enabling this protection, IPS-1 will detect and block non-200 HTTP responses that contain script tags.

New Protections are available for this vulnerability. See SBP-2009-11.
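
The check described for CVE-2009-1836, sketched as an added example (not Check Point's signature and not code from this advisory): a Python function that inspects a proxy's reply to a CONNECT request and flags non-200 replies whose body carries a script tag. The function name, verdict strings and sample replies are constructed for illustration.

```python
import re

# Added illustration; names, verdicts and samples are constructed, not IPS-1's.
SCRIPT_TAG = re.compile(rb"<script\b", re.IGNORECASE)
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d\s+(\d{3})\b")


def inspect_connect_response(raw: bytes) -> str:
    """Classify a proxy's reply to CONNECT as 'allow', 'block' or 'malformed'."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        # Tolerate senders that end the header block with bare LF.
        head, sep, body = raw.partition(b"\n\n")
    match = STATUS_LINE.match(head)
    if match is None:
        return "malformed"
    if int(match.group(1)) == 200:
        # Tunnel established: what follows is opaque TLS, not a document.
        return "allow"
    # Non-200 reply: its body is an error page the browser may render in the
    # context of the requested SSL site, so active content here is suspect.
    return "block" if SCRIPT_TAG.search(body) else "allow"


# Constructed sample replies to a CONNECT request.
SAMPLES = {
    "tunnel_ok": b"HTTP/1.1 200 Connection established\r\n\r\n",
    "auth_page": (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
                  b"Content-Type: text/html\r\n\r\n"
                  b"<html><body>Login required</body></html>"),
    "scripted_error": (b"HTTP/1.1 502 Bad Gateway\r\n"
                       b"Content-Type: text/html\r\n\r\n"
                       b"<html><ScRiPt>/* constructed */</ScRiPt></html>"),
    "garbage": b"\x16\x03\x01\x00\x05hello",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {inspect_connect_response(raw)}")
```
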

Check Point's IPS update services protect customers using the IPS Software Blade for Security Gateway R70, VPN-1 NGX R65, and VSX NGX R65 from the following vulnerabilities:



Microsoft DirectShow Pointer Validation Remote Code Execution Vulnerability (MS09-028)

Industry Reference: CVE-2009-1538.

A remote code execution vulnerability has been discovered in Microsoft DirectShow. Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. A remote attacker could exploit this issue via a malformed QuickTime file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed QuickTime files over HTTP.

Protections are available immediately for this vulnerability. See CPAI-2009-123.

Microsoft DirectShow Size Validation Remote Code Execution Vulnerability (MS09-028)

Industry Reference: CVE-2009-1539.

A remote code execution vulnerability has been discovered in Microsoft DirectShow. Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. A remote attacker could exploit this issue via a malformed QuickTime file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed QuickTime files over HTTP.

Protections are available immediately for this vulnerability. See CPAI-2009-125.

Microsoft DirectShow QuickTime Movie Parser Filter Code Execution Vulnerability (MS09-028)

Industry Reference: CVE-2009-1537.

A remote code execution vulnerability has been discovered in Microsoft DirectShow QuickTime Movie Parser filter. Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. The QuickTime Movie Parser filter splits Apple QuickTime data into audio and video streams. A remote attacker could exploit this issue via a malformed QuickTime file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed QuickTime files over HTTP.

Protections were previously released for this vulnerability. See CPAI-2009-136.

Microsoft Windows Embedded OpenType (EOT) Font Engine Remote Code Execution Vulnerabilities (MS09-029)

Industry References: CVE-2009-0231, CVE-2009-0232.

Multiple remote code execution vulnerabilities have been reported in the way Microsoft Windows Embedded OpenType (EOT) font technology parses data records and name tables in specially crafted embedded fonts. Embedded OpenType (EOT) fonts are a compact form of fonts designed for use on web pages. A remote attacker can exploit these vulnerabilities via a specially crafted EOT file. Successful exploitation may allow execution of arbitrary code on a vulnerable system. This protection detects and blocks the transferring of EOT files over HTTP. No update is required to address these vulnerabilities.

Protections are now available for these vulnerabilities. See SBP-2009-05.

Microsoft ISA Server 2006 Radius OTP Bypass Vulnerability (MS09-031)

Industry Reference: CVE-2009-1135.

An elevation of privilege vulnerability exists in Microsoft Internet Security and Acceleration (ISA) Server 2006 authentication when configured with Radius One Time Password (OTP). ISA Server, originating as Microsoft Proxy Server, is a Firewall & Security product that provides Application-Layer Firewalling, acts as a VPN endpoint, and provides Internet Access for client systems in a Business Networking environment. A remote unauthenticated user may exploit this vulnerability to gain access to any web published resource. This protection will detect and block malformed requests to the ISA Server.

Protections are available immediately for this vulnerability. See CPAI-2009-133.

Check Point's IPS update services protect customers using the IPS Software Blade for Security Gateway R70 from the following vulnerability:



Microsoft Publisher Pointer Dereference Remote Code Execution Vulnerability (MS09-030)

Industry Reference: CVE-2009-0566.

A remote code execution vulnerability has been reported in Microsoft Publisher. Microsoft Publisher is a desktop publishing application for creating marketing materials, managing customer lists and more. A remote attacker can exploit this vulnerability via a specially crafted .pub file. Successful exploitation may allow execution of arbitrary code on a vulnerable system. This protection will detect and block the transferring of Microsoft Publisher files over HTTP.

Protections are available immediately for this vulnerability. See CPAI-2009-119.

July 14, 2009

©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065