 |
 Microsoft Active Directory Federation Services Code Execution Vulnerability (MS09-070)
Industry Reference:CVE-2009-2509.
A remote code execution vulnerability has been discovered in implementations of Active Directory Federation Services (ADFS). Active Directory provides central authentication and authorization services for Windows-based systems. Active Directory Federation Services (ADFS) helps the client to use single sign-on by securely sharing digital identity and entitlement rights across security and enterprise boundaries. A remote attacker can exploit the vulnerability to take complete control of an affected system remotely. This protection detects and blocks specially crafted HTTP requests sent to the vulnerable server.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-251.
Microsoft Internet Authentication Service MS-CHAP Security Bypass (MS09-071)Industry Reference:CVE-2009-3677.
An elevation of privilege vulnerability has been reported in the Internet Authentication Service. Internet Authentication Service (IAS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy. As a RADIUS server, IAS performs centralized connection authentication, authorization, and accounting for many types of network access. A remote attacker may exploit this issue to gain access to network resources under the privileges of a specific authorized user. This protection detects and blocks malformed MS-CHAP v2 authentication requests to the vulnerable service.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-253.
Microsoft Internet Explorer 8 Overlap Components Memory Corruption Vulnerability (MS09-072)Industry Reference:CVE-2009-3671.
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-257.
Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability (MS09-072)Industry Reference:CVE-2009-3672.
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection detects and blocks malformed CSS tags used in HTML documents.
Security Gateway R70: A protection was released in a previous update.
VPN-1 NGX R65 & VSX NGX R65: A protection was released in a previous update.
CPAI-2009-249.
Microsoft Internet Explorer Page Refresh Uninitialized Memory Corruption Vulnerability (MS09-072)Industry Reference:CVE-2009-3673.
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-263.
Microsoft Internet Explorer 8 Circular References Memory Corruption Vulnerability (MS09-072)Industry Reference:CVE-2009-3674.
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-267.
Microsoft WordPad and Office Text Converter Memory Corruption Vulnerability (MS09-073)Industry Reference:CVE-2009-2506.
A remote code execution vulnerability has been reported in Microsoft WordPad and Office Word. WordPad Text Converters allow users who do not have Microsoft Office Word installed to open documents in other Microsoft Windows applications. They also allow users to save documents in the Word 97 file format. A remote attacker can exploit this vulnerability via a specially crafted Word 97 document. Successful exploitation may allow execution of arbitrary code on a vulnerable system. This protection will detect and block the transferring of malformed Word files over HTTP.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-259.
Microsoft Office Project Memory Validation Remote Code Execution Vulnerability (MS09-074)Industry Reference:CVE-2009-0102.
A remote code execution vulnerability has been identified in the way Microsoft Project handles specially crafted Project files. Microsoft Project is a project management software program designed to assist project managers to stay informed, keep project teams aligned, increase productivity and control project work, schedules, and finances. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Microsoft Office Project files over HTTP.
Security Gateway R70: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2009-261.
HP OpenView Network Node Manager Denial of Service VulnerabilityIndustry Reference:CVE-2009-3840.
A denial of service vulnerability exists in HP OpenView Network Node Manager. The flaw is due to a design weakness when processing crafted packets sent to the server. Remote attackers could exploit this vulnerability by sending a malicious request to the affected TCP port. Successful exploitation can lead to a denial of service condition of the target system. This protection will detect and block malformed packets sent to HP OpenView's ovdbrun.exe process.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2009-302.
Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow VulnerabilityIndustry Reference:CVE-2009-3031.
A stack buffer overflow vulnerability exists in multiple Symantec products. The vulnerability is due to an error in the AeXNSConsoleUtilities.dll ActiveX control when processing overly long arguments. This issue can be exploited by remote attackers to execute arbitrary code by convincing the user to visit a specially crafted web page. This protection will detect and block access to proscribed ActiveX class IDs.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2009-303.
EMC Captiva PixTools Distributed Imaging ActiveX Control File Creation VulnerabilityA vulnerability has been reported in EMC Captiva PixTools, a suite of software developer toolkits that provides image scanning, viewing, and processing functionality. The vulnerability lies in the Distributed Imaging ActiveX Control. Attackers can take remote control of a vulnerable system by enticing a user to visit a maliciously crafted web page. This protection will detect and block attempts to access proscribed ActiveX controls via HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2009-304.
Oracle Document Capture EasyMail IMAP4 LicenseKey Buffer Overflow VulnerabilityA buffer overflow vulnerability exists in Oracle Document Capture which is integrated with Oracle Imaging and Process Management and Oracle Universal Content Management products. The vulnerability is due to a boundary error while parsing the LicenseKey property within the EasyMail IMAP4 ActiveX component of the affected product. Remote unauthenticated attackers can exploit this vulnerability by enticing targeted users to open a specially crafted HTML document. Successful exploitation of this vulnerability would allow for arbitrary code execution. This protection will detect and block attempts to access proscribed ActiveX controls via HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2009-305.
Oracle Document Capture EasyMail SMTP AddAttachment Buffer Overflow VulnerabilityA stack buffer overflow vulnerability exists in Oracle Document Capture, which is integrated with Oracle Imaging and Process Management and Oracle Universal Content Management products. The vulnerability is due to a boundary error when parsing a crafted argument passed to the EasyMail SMTP ActiveX component. Remote attackers can exploit this vulnerability by convincing target users to visit a malicious web page. Successful exploitation could lead to arbitrary code execution on the target system. This protection will detect and block the use of particular ActiveX components in HTTP transfers.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2009-306.
|
December 8, 2009
 |
You have received this notification because you have subscribed to the SmartDefense mailing list. If you would prefer to no longer receive security alerts and defense notifications please click to Unsubscribe
As always, please feel free to contact us directly if you have any comments or questions.
Read Check Point's Privacy Policy
©2003.2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065 |
|