Microsoft Windows AVI Processing Malformed Header Remote Code Execution Vulnerability (MS09-038)
Industry Reference: CVE-2009-1545.
A remote code execution vulnerability has been discovered in the way Microsoft Windows handles specially crafted AVI format files. Audio Video Interleave (AVI) is a special case of Resource Interchange File Format (RIFF). This file type is used with applications that capture, edit, and play back audio-video sequences. A remote attacker could exploit this issue via a malformed AVI file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transfer of malformed AVI files over HTTP.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-149.
Microsoft Windows AVI File Data Validation Integer Overflow Vulnerability (MS09-038)
Industry Reference: CVE-2009-1546.
A remote code execution vulnerability has been discovered in the way Microsoft Windows handles specially crafted AVI format files. Audio Video Interleave (AVI) is a special case of Resource Interchange File Format (RIFF). This file type is used with applications that capture, edit, and play back audio-video sequences. A remote attacker could exploit this issue via a malformed AVI file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transfer of malformed AVI files over HTTP.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-151.
Microsoft WINS Buffer Length Heap Overflow Vulnerability (MS09-039)
Industry Reference: CVE-2009-1923.
A remote code execution vulnerability has been discovered in Microsoft WINS. Windows Internet Naming Service (WINS) was designed specifically to support NetBIOS over TCP/IP (NetBT), and is required for any environment in which users access resources that have NetBIOS names. A remote attacker can exploit this vulnerability to take complete control over an affected system. This protection will detect and block malformed WINS network packets.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-145.
Microsoft WINS Buffer Allocation Integer Overflow Vulnerability (MS09-039)
Industry Reference: CVE-2009-1924.
A remote code execution vulnerability has been discovered in Microsoft WINS. Windows Internet Naming Service (WINS) was designed specifically to support NetBIOS over TCP/IP (NetBT), and is required for any environment in which users access resources that have NetBIOS names. A remote attacker can exploit this vulnerability to take complete control over an affected system. This protection will detect and block malformed WINS network packets.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-147.
Microsoft Windows Workstation Service NetrGetJoinInformation Routine Memory Corruption Vulnerability (MS09-041)
Industry Reference: CVE-2009-1544.
An elevation of privilege vulnerability has been reported in the Microsoft Windows Workstation Service. Microsoft Windows Workstation Service routes local file system requests and remote file or print network requests via Remote Procedure Call (RPC). RPC is a protocol that a program can use to request a service from another program which is located on another computer in a network. An attacker may exploit this issue to run arbitrary code with elevated privileges on an affected system. This protection will detect and block malformed RPC requests sent to the vulnerable service.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-155.
Microsoft Windows Telnet Services Credential Reflection Code Execution Vulnerability (MS09-042)
Industry Reference: CVE-2009-1930.
A remote code execution vulnerability has been reported in the way Microsoft Windows Telnet Service handles NTLM credentials. Telnet is a bidirectional communications protocol that allows for command line remote administration over the TCP protocol. The vulnerability allows a remote attacker to replay the user's credentials back to them, creating a reflection attack, and enabling execution of arbitrary code in the context of the logged-on user. This protection will detect and block attempts to reflect NTLM credentials via the Telnet protocol.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-159.
Microsoft Remote Desktop Client Connection ActiveX Heap Overflow Vulnerability (MS09-044)
Industry Reference: CVE-2009-1929.
A remote code execution vulnerability has been reported in the Microsoft Terminal Services Client ActiveX control. The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Microsoft Windows-based applications running on a server. The Remote Desktop Web Connection ActiveX control allows accessing a computer, via the Internet, from another computer using Internet Explorer. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted Web page. Successful exploitation could result in execution of arbitrary code on the affected system. This protection will detect and block attempts to exploit this vulnerability.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-131.
Microsoft Remote Desktop Connection DWORD Heap Overflow Vulnerability (MS09-044)
Industry Reference: CVE-2009-1133.
A remote code execution vulnerability has been reported in the way Microsoft Remote Desktop Connection processes specific parameters returned by the RDP server. The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Microsoft Windows-based applications running on a server. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted Web page. Successful exploitation could result in execution of arbitrary code on the affected system. This protection will detect and block malformed RDP traffic.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-157.
Security Best Practice: Protect Yourself from Invalid IIS ASP.Net URI Character Requests
Industry Reference: CVE-2009-1536.
A denial of service vulnerability has been reported in ASP.NET. ASP.NET is a collection of technologies within the .NET Framework that enable developers to build Web applications and XML Web Services. A remote attacker may exploit this issue to cause a vulnerable server to become non-responsive. This protection will detect and block IIS ASP.Net requests with invalid characters in the URI.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
SBP-2009-15.
Novell Client NetIdentity Agent Remote Code Execution Vulnerability
Industry Reference: CVE-2009-1350.
A remote code execution vulnerability exists in Novell Client NetIdentity Agent. The Novell NetIdentity agent works with eDirectory authentication to provide background authentication to Windows Web-based applications that require eDirectory authentication. The flaw is due to insufficient sanity checking when processing crafted RPC messages. An attacker could exploit this vulnerability by sending a specially crafted RPC message to the affected service. By enabling this protection, IPS-1 will detect and block invalid RPC traffic over the named pipe XTIERRPCPIPE.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2009-209.
Oracle BEA Weblogic Server console-help.portal Cross-Site Scripting Vulnerability
Industry Reference: CVE-2009-1975.
A cross-site scripting vulnerability was reported in BEA Weblogic Server. WebLogic is typically used as the platform for large enterprise web applications. The vulnerability is due to lack of sanitization of input passed to console-help.portal pages before being returned to the user. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary HTML or script code on the client system. By enabling this protection, IPS-1 will detect and block attempts to access the Oracle BEA WebLogic console help portal with JavaScript embedded in the searchQuery tag.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2009-211.
Citrix XenCenterWeb Cross Site Scripting Vulnerabilities
Citrix XenCenterWeb is a web interface for Citrix XenServer environment management. Lack of sanitization in the username parameter may allow an attacker to access the Citrix XENCenter management console with JavaScript embedded in the username parameter. By enabling this protection, IPS-1 will detect and block attempts to access the Citrix XENCenter management console with JavaScript embedded in the username parameter.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2009-213.
Joomla! Jobline Component 'search' Parameter SQL Injection Vulnerability
A SQL injection vulnerability exists in the Jobline component for Joomla!. The application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Successful exploitation could allow a remote attacker to compromise the application, access or modify data, and launch other attacks. By enabling this protection, IPS-1 will detect and block attempts to access the Joomla Jobline component with SQL commands embedded in the HTTP parameters.
CPAI-2009-225.
Joomla! HTTP Header Script Injection Vulnerability
Joomla! is a content management system (CMS) designed for building Web sites and online applications. Joomla! fails to parse HTTP headers, allowing an attacker to inject JavaScript or DHTML code that can be executed in the context of a target user's browser. By enabling this protection, IPS-1 will detect and block HTTP requests with JavaScript embedded in the HTTP-Referrer header.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2009-215.
Adobe RoboHelp Server SQL Injection Vulnerability
Industry Reference: CVE-2008-2991.
Adobe RoboHelp Server is vulnerable to a SQL injection attack. A remote attacker can trigger this vulnerability by sending a specially crafted URL to a vulnerable installation of RoboHelp Server. An attacker would need to have access to the RoboHelp Help Errors log, or convince someone with access to the RoboHelp Help Errors log to click on a malicious URL, in order to execute the attack. An exploit can lead to disclosure of sensitive information and loss of data. By enabling this protection, IPS-1 will detect and block attempts to access the RoboHelp server with SQL embedded in HTTP parameters.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2009-217.
Oracle Database Secure Enterprise Search Cross Site Scripting Vulnerability
Industry Reference: CVE-2009-1968.
Oracle Database Secure Enterprise Search contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the search_p_groups parameter upon submission to the /search/query/search script. A remote attacker could create a specially crafted URL to execute arbitrary code in a user's browser, leading to a loss of integrity. By enabling this protection, IPS-1 will detect and block attempts to access the Oracle Secure Enterprise Search page with JavaScript embedded in the search_p_groups parameter.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2009-223.
Cisco IOS Administrative Interface HTTP Authentication Vulnerability
Industry References: CVE-2009-1164, CVE-2009-1166.
Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. An attacker with access to the administrative web interface via HTTP or HTTPS may cause the device to reload by providing a malformed response to an authentication request to an affected WLC. By enabling the protection, IPS-1 will block HTTP Basic Authentication requests with an overly long username or password.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2009-221.
August 11, 2009




©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.