SmartDefense Security Advisory

Security Best Practice: Blocking IPv6 In IPv4 Tunneling

Internet Protocol version 6 (IPv6) is the next-generation Internet Protocol, designated as the successor to IPv4, the first implementation used in the Internet. Tunneling is used by computer networks when one network protocol encapsulates a different payload protocol. With tunneling, a user can carry a payload over an incompatible delivery network or provide a secure path through an untrusted network. This protection will detect and block IPv6 tunneling inside IPv4 packets.

Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
SBP-2009-19.
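
A sketch of the kind of check this protection performs, added here as an example and not Check Point's own code: it classifies a raw IPv4 packet by its protocol field. It assumes IP protocol number 41 for directly encapsulated IPv6 and goes beyond the advisory by also flagging Teredo (UDP port 3544); the function names and sample packets are constructed for illustration.

```python
import struct

IPPROTO_IPV6 = 41    # IANA protocol number: IPv6 carried directly in IPv4 (6in4, 6to4, ISATAP)
IPPROTO_UDP = 17
TEREDO_PORT = 3544   # Teredo wraps IPv6 in UDP/IPv4; a port match is only a heuristic

def classify_ipv4(packet: bytes) -> str:
    """Classify one raw IPv4 packet: 'ipv6-in-ipv4', 'teredo', 'clean' or 'malformed'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4                       # header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        return "malformed"
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    proto = packet[9]
    payload = packet[ihl:total_len]
    if proto == IPPROTO_IPV6:
        # Decide on the protocol field alone so later fragments are flagged too.
        return "ipv6-in-ipv4"
    if proto == IPPROTO_UDP and frag_offset == 0 and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT in (sport, dport):
            return "teredo"
    return "clean"

def build_ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed sample packet (documentation addresses, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload

# Constructed samples: a bare 40-byte IPv6 header as the tunneled payload.
INNER_IPV6 = b"\x60" + bytes(39)
SIX_IN_FOUR = build_ipv4(IPPROTO_IPV6, INNER_IPV6)
TEREDO = build_ipv4(IPPROTO_UDP,
                    struct.pack("!HHHH", 50000, TEREDO_PORT, 48, 0) + INNER_IPV6)
PLAIN_TCP = build_ipv4(6, bytes(20))

if __name__ == "__main__":
    for name, pkt in [("6in4", SIX_IN_FOUR), ("teredo", TEREDO), ("tcp", PLAIN_TCP)]:
        print(name, classify_ipv4(pkt))
```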

Microsoft SMB Infinite Loop Denial of Service Vulnerability (MS09-050)

Industry Reference: CVE-2009-2526.

A denial of service vulnerability has been reported in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB version 2 (SMBv2) packets. The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote attacker may exploit this vulnerability to take complete control of an affected system. This protection will detect and block malformed SMBv2 packets.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A protection was released in a previous update.
VPN-1 NGX R65 & VSX NGX R65: A protection was released in a previous update.
InterSpect NGX: A new protection is now available.
CPAI-2009-212.

Microsoft Windows Media Runtime Voice Sampler Rate Code Execution Vulnerability (MS09-051)

Industry References: CVE-2009-0555, CVE-2009-2525.

A remote code execution vulnerability exists in the way that Microsoft Windows Media Runtime and the Windows Media Player handle specially crafted ASF files. The Microsoft Windows Media Format Runtime provides information and tools for applications that use Windows Media content. Windows Media Player is an application for Windows that supports numerous video, audio, and image formats. ASF (Advanced Systems Format) is a file format that stores audio and video information and is specially designed to run over networks like the Internet. It is a compressed format that contains streaming audio, video, slide shows, and synchronized events. A remote attacker could exploit this issue to take complete control of an affected system remotely. This protection will detect and block the transferring of malformed ASF files over HTTP.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A protection was released in a previous update.
VPN-1 NGX R65 & VSX NGX R65: A protection was released in a previous update.
CPAI-2009-230.

Microsoft Media Player HeaderExtensionObject Heap Overflow Vulnerability (MS09-052)

Industry Reference: CVE-2009-2527.

A remote code execution vulnerability exists in the way that Windows Media Player 6.4 handles specially crafted ASF files. Windows Media Player is an application for Windows that supports numerous video, audio, and image formats. ASF (Advanced Systems Format) is a file format that stores audio and video information and is specially designed to run over networks like the Internet. It is a compressed format that contains streaming audio, video, slide shows, and synchronized events. ASF enables content to be delivered as a continuous flow of data. A remote attacker could exploit this issue to take complete control of an affected system remotely. This protection will detect and block the transferring of malformed ASF files over HTTP.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A protection was released in a previous update.
CPAI-2009-228.

Microsoft Internet Information Services FTP Server Recursive Listing Denial of Service Vulnerability (MS09-053)

Industry Reference: CVE-2009-2521.

A stack consumption vulnerability has been discovered in Microsoft Internet Information Services (IIS) FTP server. IIS is a collection of Internet services packaged with several versions of the Windows operating system. IIS includes an FTP server service for exchanging and manipulating files over a TCP computer network. A remote attacker could use this issue to create a denial of service condition, thus crashing the vulnerable service. This protection will detect and block attempts to exploit this vulnerability via malicious FTP patterns.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A protection was released in a previous update.
VPN-1 NGX R65 & VSX NGX R65: A protection was released in a previous update.
CPAI-2009-183.

Microsoft Internet Explorer Data Stream Header Corruption Vulnerability (MS09-054)

Industry Reference: CVE-2009-1547.

A remote code execution vulnerability exists in the way Internet Explorer processes data stream headers. An attacker could exploit this issue by constructing a specially crafted Web page that, when viewed by a user, could allow the attacker to execute arbitrary code remotely. This protection will detect and block attempts to exploit this vulnerability.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A protection was released in a previous update.
VPN-1 NGX R65 & VSX NGX R65: A protection was released in a previous update.
CPAI-2009-220.

Microsoft Internet Explorer HTML Component Handling Remote Code Execution Vulnerability (MS09-054)

Industry Reference: CVE-2009-2529.

A remote code execution vulnerability exists in the way that Internet Explorer handles argument validation of a variant in specific situations. An attacker could exploit this issue by constructing a specially crafted Web page that, when viewed by a user, could allow the attacker to execute arbitrary code remotely. This protection will detect and block attempts to exploit this vulnerability.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A protection was released in a previous update.
VPN-1 NGX R65 & VSX NGX R65: A protection was released in a previous update.
CPAI-2009-222.

Multiple Microsoft ATL COM Initialization Remote Code Execution Vulnerabilities (MS09-055)

Industry Reference: CVE-2009-2493.

Multiple remote code execution vulnerabilities exist in several Microsoft ActiveX controls. ActiveX controls are reusable software components based on Microsoft Component Object Model (COM). The vulnerabilities are located in the Office Excel add-in for SQL Analysis Services, Microsoft Windows Live Mail, Microsoft Outlook View, MSN Photo Upload Tool and Microsoft Visio Viewer. A remote attacker may exploit these vulnerabilities to execute arbitrary code on an affected system. These protections will detect and block the vulnerable ActiveX controls.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A protection was released in a previous update.
CPAI-2009-198.

Microsoft CryptoAPI Object Identifiers Integer Overflow Vulnerability (MS09-056)

Industry Reference: CVE-2009-2511.

A spoofing vulnerability has been reported in the Microsoft Windows CryptoAPI component when parsing ASN.1 object identifiers from X.509 certificates. The CryptoAPI provides services that enable application developers to add encryption/decryption of data, authentication using digital certificates, and encoding to and decoding from Abstract Syntax Notation One (ASN.1) to their Windows-based applications. A remote attacker who successfully exploited this vulnerability could impersonate another user or system. This protection will detect and block attempts to exploit this vulnerability.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A protection was released in a previous update.
VPN-1 NGX R65 & VSX NGX R65: A protection was released in a previous update.
CPAI-2009-214.

Microsoft CryptoAPI Null Truncation in X.509 Common Name Vulnerability (MS09-056)

Industry Reference: CVE-2009-2510.

A spoofing vulnerability has been reported in the Microsoft Windows CryptoAPI component when parsing ASN.1 information from X.509 certificates. The CryptoAPI provides services that enable application developers to add encryption/decryption of data, authentication using digital certificates, and encoding to and decoding from Abstract Syntax Notation One (ASN.1) to their Windows-based applications. A remote attacker who successfully exploited this vulnerability could impersonate another user or system. This protection will detect and block NULL prefix found in SSL certificates.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: Preemptive protection is provided by this product.
VPN-1 NGX R65 & VSX NGX R65: Preemptive protection is provided by this product.
CPAI-2009-226.
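
A defender-side check for the condition this entry names, added here as an example and not Check Point's or Microsoft's code: it walks a DER structure and reports any commonName (OID 2.5.4.3) value that contains an embedded NUL byte. The function names and the two sample Names are constructed; it covers Name attributes only, not values nested inside OCTET STRING extensions, and handles single-byte tags only.

```python
CN_OID = bytes([0x55, 0x04, 0x03])  # DER content octets of OID 2.5.4.3 (commonName)

def read_tlv(buf, pos, end):
    """Parse one DER TLV inside buf[pos:end]; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("value runs past its container")
    return tag, pos, pos + length

def common_names(der, pos=0, end=None):
    """Yield the raw value bytes of every commonName attribute in a DER structure."""
    end = len(der) if end is None else end
    while pos < end:
        tag, vs, ve = read_tlv(der, pos, end)
        if tag & 0x20:                    # constructed: SEQUENCE, SET, [n] wrappers
            is_cn = False
            if tag == 0x30 and vs < ve:   # SEQUENCE that may be an AttributeTypeAndValue
                t, o_start, o_end = read_tlv(der, vs, ve)
                is_cn = t == 0x06 and der[o_start:o_end] == CN_OID and o_end < ve
            if is_cn:
                _, s, e = read_tlv(der, o_end, ve)
                yield der[s:e]
            else:
                yield from common_names(der, vs, ve)
        pos = ve

def nul_in_common_name(der):
    """Return the commonName values that contain an embedded NUL byte."""
    return [cn for cn in common_names(der) if b"\x00" in cn]

def tlv(tag, body):
    """Encode a short-form TLV (body under 128 bytes) for the constructed samples."""
    return bytes([tag, len(body)]) + body

def make_name(cn):
    """Constructed DER Name with one commonName attribute (not from a real certificate)."""
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, CN_OID) + tlv(0x0C, cn))))

CLEAN_NAME = make_name(b"www.example.test")
NUL_NAME = make_name(b"www.example.test\x00.constructed.invalid")
```

Passing a full DER certificate to `nul_in_common_name` checks both the issuer and subject Names, since the walker descends through every constructed element.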

Microsoft Indexing Service ActiveX Memory Corruption Vulnerability (MS09-057)

Industry Reference: CVE-2009-2507.

A remote code execution vulnerability has been reported in the Microsoft Indexing Service. The Microsoft Windows Indexing Service is a base service that extracts content from files and constructs an indexed catalog to facilitate efficient and rapid searching. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted Web page. Successful exploitation could result in execution of arbitrary code on the affected system. This protection will detect and block attempts to exploit this vulnerability.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A protection was released in a previous update.
VPN-1 NGX R65 & VSX NGX R65: A protection was released in a previous update.
CPAI-2009-199.

Microsoft Windows Kernel NULL Pointer Dereferencing Vulnerability (MS09-058)

Industry Reference: CVE-2009-2516.

An elevation of privilege vulnerability has been discovered in the Windows kernel. The Windows kernel is the core of the operating system. It provides system level services, allocates processor time to processes, and manages error handling. Successful exploitation of this vulnerability may allow execution of arbitrary code on an affected system. This protection will detect and block the transferring of malformed Windows executable (PE) files over HTTP.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A protection was released in a previous update.
VPN-1 NGX R65 & VSX NGX R65: A protection was released in a previous update.
CPAI-2009-234.

Microsoft LSASS Authentication Process Integer Overflow Vulnerability (MS09-059)

Industry Reference: CVE-2009-2524.

An elevation of privilege vulnerability has been discovered in the Microsoft Windows Local Security Authority Subsystem Service (LSASS). LSASS provides an interface for managing local security, domain authentication, and Active Directory service processes. It handles authentication for the client and for the server. A remote attacker could exploit this issue via a specially crafted NTLM request. This protection will detect and block malformed NTLM authentication requests.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A protection was released in a previous update.
VPN-1 NGX R65 & VSX NGX R65: A protection was released in a previous update.
InterSpect NGX: A new protection is now available.
CPAI-2009-216.

Microsoft GDI+ PNG Integer Overflow Vulnerability (MS09-062)

Industry Reference: CVE-2009-3126.

A remote code execution vulnerability has been discovered in the way that GDI+ allocates memory. The Microsoft Windows graphics device interface (GDI) enables applications to use graphics and formatted text on the video display and on the printer. A remote attacker may trigger this issue via a specially crafted PNG image file. The Portable Network Graphics (PNG) specification is an image format used as an alternative to other image formats such as the GIF and TIFF formats. Successful exploitation would allow execution of arbitrary code on a vulnerable system. This protection will detect and block the transferring of malformed PNG files over HTTP.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: Preemptive protection is provided by this product.
VPN-1 NGX R65 & VSX NGX R65: Preemptive protection is provided by this product.
CPAI-2009-232.

Microsoft GDI+ TIFF Buffer Overflow Vulnerability (MS09-062)

Industry Reference: CVE-2009-2502.

A remote code execution vulnerability has been discovered in the way that GDI+ allocates memory. The Microsoft Windows graphics device interface (GDI) enables applications to use graphics and formatted text on the video display and on the printer. A remote attacker may trigger this issue via a specially crafted TIFF file. Tagged Image File Format (TIFF) is a container format for storing images, including photographs and line art. Successful exploitation would allow execution of arbitrary code on a vulnerable system. This protection will detect and block the transferring of malformed TIFF files over HTTP.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A protection was released in a previous update.
CPAI-2009-204.

Microsoft GDI+ TIFF Memory Corruption Vulnerability (MS09-062)

Industry Reference: CVE-2009-2503.

A remote code execution vulnerability has been discovered in the way that GDI+ allocates memory. The Microsoft Windows graphics device interface (GDI) enables applications to use graphics and formatted text on the video display and on the printer. A remote attacker may trigger this issue via a specially crafted TIFF file. Tagged Image File Format (TIFF) is a container format for storing images, including photographs and line art. Successful exploitation would allow execution of arbitrary code on a vulnerable system. This protection will detect and block the transferring of malformed TIFF files over HTTP.

Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-206.

Adobe Reader FlateDecode Parameters Integer Overflow Vulnerability (APSB09-07)

Industry References: CVE-2009-1856, CVE-2009-3459.

An integer overflow vulnerability has been discovered in Adobe Reader and Acrobat. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system via a specially crafted PDF file. Portable Document Format (PDF) is an open file format created by Adobe Systems. It is used for representing two-dimensional documents in a device- and resolution-independent fixed-layout document format. Successful exploitation of this issue will cause the application to become non-responsive, and may allow execution of arbitrary code on an affected system. This protection will detect and block attempts to transfer malformed PDF files over HTTP.

Security Gateway R70: A protection that was released previously has been updated.
CPAI-2009-186.

HP LoadRunner XUpload.ocx ActiveX Control Arbitrary File Download Vulnerability

A vulnerability has been reported in HP LoadRunner. LoadRunner is a performance and load testing product by Hewlett-Packard for examining system behaviour and performance, while generating actual load. The vulnerability is due to an error in the Persits.XUpload ActiveX control which can permit the download of files to arbitrary locations on the victim's computer. This protection will detect and block the HP LoadRunner ActiveX control.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2009-239.

Recent Malware Threats (21-Oct-09)

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of hostile, intrusive, or annoying programs, such as viruses, worms, adware, Trojans, and spyware, that exploit unprotected clients, using network access to intrude upon organizations and destroy or steal data. IPS will detect and block the malware based on predefined signatures. The update includes 11 new protections against recent malware threats.

Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-262.

October 22, 2009

©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.