TLS and SSL Spoofing Vulnerability
Industry Reference: CVE-2009-3555.
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are cryptographic protocols that provide security for communications over networks. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end. A spoofing vulnerability exists in multiple implementations of these protocols. The TLS and SSL protocols fail to properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL. A remote attacker can leverage this vulnerability to execute an HTTP transaction authenticated by a legitimate user. This protection will detect and block attempts to exploit this vulnerability.
Security Gateway R70: Preemptive protection is provided by this product. VPN-1 NGX R65 & VSX NGX R65: Preemptive protection is provided by this product. CPAI-2010-020.
Microsoft Internet Explorer Response Redirect Information Disclosure Vulnerability
Industry Reference: CVE-2010-0255.
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which may allow the attacker to view data from a Web page in another Internet Explorer domain. This protection will detect and block attempts to exploit this vulnerability.
Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-033.
Microsoft Office Drawing Shape Group Properties Buffer Overflow Vulnerability (MS10-003)
Industry Reference: CVE-2010-0243.
A remote code execution vulnerability has been reported in the way Microsoft Office handles specially crafted Excel files. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transfer of malformed Excel files over HTTP.
Security Gateway R70: A new protection is now available. CPAI-2010-035.
Microsoft Office PowerPoint LinkedSlideAtom Heap Overflow Vulnerability (MS10-004)
Industry Reference: CVE-2010-0030.
A remote code execution vulnerability has been identified in Microsoft PowerPoint. Microsoft PowerPoint is a popular graphics application for preparing slides and presentations. A remote attacker could exploit this issue via a malformed PowerPoint file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transfer of malformed PowerPoint files over HTTP.
Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-024.
Microsoft Office PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability (MS10-004)
Industry Reference: CVE-2010-0033.
A remote code execution vulnerability has been identified in Microsoft PowerPoint. Microsoft PowerPoint is a popular graphics application for preparing slides and presentations. A remote attacker could exploit this issue via a malformed PowerPoint file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transfer of malformed PowerPoint files over HTTP.
Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-025.
Microsoft Office PowerPoint OEPlaceholderAtom Arbitrary Array Indexing Vulnerabilities (MS10-004)
Industry References: CVE-2010-0031, CVE-2010-0032.
Multiple remote code execution vulnerabilities have been identified in Microsoft PowerPoint. Microsoft PowerPoint is a popular graphics application for preparing slides and presentations. A remote attacker could exploit these issues via a malformed PowerPoint file. Successful exploitation of these vulnerabilities may allow execution of arbitrary code on a target system.
Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-027.
Microsoft Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability (MS10-004)
Industry Reference: CVE-2010-0034.
A remote code execution vulnerability has been identified in Microsoft PowerPoint. Microsoft PowerPoint is a popular graphics application for preparing slides and presentations. A remote attacker could exploit this issue via a malformed PowerPoint file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transfer of malformed PowerPoint files over HTTP.
Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-026.
Microsoft PowerPoint File Path Handling Buffer Overflow Vulnerability (MS10-004)
Industry Reference: CVE-2010-0029.
A remote code execution vulnerability has been identified in Microsoft PowerPoint. Microsoft PowerPoint is a popular graphics application for preparing slides and presentations. A remote attacker could exploit this issue via a malformed PowerPoint file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transfer of malformed PowerPoint files over HTTP.
Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-034.
Microsoft Paint JPEG Decoding Integer Overflow Vulnerability (MS10-005)
Industry Reference: CVE-2010-0028.
A remote code execution vulnerability exists in the way that Microsoft Paint decodes JPEG images. Microsoft Paint is a simple graphics painting program that has been included with all versions of Microsoft Windows. JPEG is a platform-independent image format that supports a high level of compression. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system. This protection will detect and block the transfer of malformed JPEG files over HTTP.
Security Gateway R70: A new protection is now available. CPAI-2010-021.
Microsoft Windows SMB Client Pool Corruption Vulnerability (MS10-006)
Industry Reference: CVE-2010-0016.
A remote code execution vulnerability has been reported in the Microsoft Server Message Block (SMB) Protocol. The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote attacker may exploit this vulnerability to take complete control of an affected system. This protection will detect and block attempts to exploit this vulnerability.
Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-002.
Microsoft Windows SMB Client Repeated Negotiation Responses Vulnerability (MS10-006)
Industry Reference: CVE-2010-0017.
A remote code execution vulnerability has been reported in the Microsoft Server Message Block (SMB) Protocol. The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote attacker may exploit this vulnerability to take complete control of an affected system. This protection will detect and block malformed SMB responses.
Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-003.
Microsoft Windows Shell Handler URL Validation Code Execution Vulnerability (MS10-007)
Industry Reference: CVE-2010-0027.
A remote code execution vulnerability has been reported in the Microsoft Windows ShellExecute API function. The Windows user interface provides users with access to a wide variety of objects necessary for running applications and managing the operating system. ShellExecute is part of the Windows Shell application programming interface (API) functions. It performs an operation on a specified file. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted Web page. Successful exploitation could result in execution of arbitrary code on the affected system. This protection will detect and block malformed links in HTML files.
Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-031.
Microsoft Data Analyzer ActiveX Control Remote Code Execution Vulnerability (MS10-008)
Industry Reference: CVE-2010-0252.
A remote code execution vulnerability has been reported in the Microsoft Data Analyzer ActiveX Control. Microsoft Data Analyzer is data analysis software for Microsoft Office XP. Microsoft Data Analyzer allows analyzing and visualizing data and data trends, and is integrated with SQL Server Analysis Services. Reports and graphs generated could be saved as Excel or PowerPoint files. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted Web page. Successful exploitation could result in execution of arbitrary code on the affected system. This protection will detect and block attempts to access proscribed ActiveX controls via HTTP.
Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-019.
Microsoft SMB NTLM Authentication Lack of Entropy Vulnerability (MS10-012)
Industry Reference: CVE-2010-0231.
An elevation of privilege vulnerability has been reported in the way that Microsoft Server Message Block (SMB) Protocol software handles authentication attempts. The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote attacker may exploit this issue to gain access to the SMB service under the privileges of a specific authorized user. This protection will detect and block multiple SMB requests attempting to exploit this vulnerability.
Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-029.
Microsoft SMB Server Null Pointer Denial of Service Vulnerability (MS10-012)
Industry Reference: CVE-2010-0022.
A denial of service vulnerability has been reported in the Microsoft Windows Server Message Block (SMB) implementation. The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote attacker may exploit this vulnerability to create a denial of service condition. This protection will detect and block malformed SMB requests attempting to exploit this vulnerability.
IPS-1 & IPS-1 NGX R65: Preemptive protection is provided by this product. Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-028.
Microsoft SMB COPY Command Pathname Overflow Vulnerability (MS10-012)
Industry Reference: CVE-2010-0020.
A remote code execution vulnerability has been reported in the Microsoft Windows Server Message Block (SMB) implementation. The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote attacker may exploit this vulnerability to take complete control of an affected system. This protection will detect and block overly long SMB COPY commands.
Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-022.
Microsoft SMB Server Race Condition Denial of Service Vulnerability (MS10-012)
Industry Reference: CVE-2010-0021.
A denial of service vulnerability has been reported in the Microsoft Windows Server Message Block (SMB) implementation. The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote attacker may exploit this vulnerability to create a denial of service condition. This protection will detect and block malformed SMB requests attempting to exploit this vulnerability.
IPS-1 & IPS-1 NGX R65: Preemptive protection is provided by this product. Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-023.
Microsoft DirectShow AVI Parser Heap Overflow Vulnerability (MS10-013)
Industry Reference: CVE-2010-0250.
A remote code execution vulnerability has been discovered in the way that Microsoft DirectShow parses AVI media files. Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. Audio Video Interleave (AVI) is a file type that is used with applications that capture, edit, and play back audio-video sequences. A remote attacker could exploit this issue via a malformed AVI file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transfer of malformed AVI files over HTTP.
Security Gateway R70: A new protection is now available. CPAI-2010-032.
Microsoft Active Directory and MIT Kerberos Null Pointer Dereference Vulnerability (MS10-014)
Industry Reference: CVE-2010-0035.
In a Windows Active Directory environment in which an MIT Kerberos realm is trusted by an Active Directory domain, a user who is a member of the MIT Kerberos realm can be authenticated by Windows using the cross-realm trust established between the Active Directory and the MIT Kerberos realm. A denial of service vulnerability exists in implementations of MIT Kerberos. The Kerberos protocol is used to mutually authenticate users and services on an open and unsecured network. It allows services to correctly identify the user of a Kerberos ticket without having to authenticate the user at the service. It does this by using shared secret keys. A remote attacker may exploit this vulnerability to create a denial of service condition, causing the affected system to stop responding. This protection will detect and block Kerberos renewal requests from a non-renewable connection.
Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-030.
Novell eDirectory NDS Verb Integer Overflow Vulnerability
Industry Reference: CVE-2009-0895.
An integer overflow was identified in Novell eDirectory. Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) directory-based identity management system that centralizes the management of user identities, access privileges and many other network resources. An attacker can exploit this vulnerability to execute arbitrary code on a target system. This protection will detect and block malformed Novell NDS packets sent to the eDirectory system.
IPS-1 & IPS-1 NGX R65: A new protection is now available. Security Gateway R70: A protection was released in a previous update. CPAI-2010-014.
Sun Java System Application Server HTTP TRACE Vulnerability
Industry Reference: CVE-2010-0386.
Sun Java System Application Server 7 and 7 2004Q2 enable the HTTP TRACE method, which can be leveraged by attackers to gain access to sensitive user information. The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. A local or remote unprivileged user may be able to abuse the HTTP TRACE functionality to gain access to sensitive information in HTTP headers when making HTTP requests to Sun Java System Application servers. This protection detects and blocks HTTP requests using the TRACE command.
IPS-1 & IPS-1 NGX R65: A new protection is now available. CPAI-2010-102.
Multiple Vendors NTP Mode 7 Denial of Service Vulnerabilities
Industry Reference: CVE-2009-3563.
A denial of service vulnerability exists in the Network Time Protocol (NTP), a product shipped by many vendors. The vulnerability is due to incorrect handling of mode 7 (MODE_PRIVATE) requests. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted mode 7 request to a target NTP server. A successful attack can lead to a denial of service condition of the affected service. This protection detects and blocks NTP MODE 7 request packets whose source and destination UDP ports are 123.
IPS-1 & IPS-1 NGX R65: A new protection is now available. CPAI-2010-103.
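The check described for CPAI-2010-103, as an added Python example (not Check Point's signature or code): it flags a UDP datagram only when both ports are 123 and the NTP payload is a mode 7 request. The header layout used (response bit 0x80, mode in the low three bits of the first byte) is ntpd's mode 7 format; the function names and sample datagrams are constructed for illustration.

```python
import struct

NTP_PORT = 123
MODE_PRIVATE = 7       # ntpd "mode 7" (MODE_PRIVATE) packets
RESPONSE_BIT = 0x80    # set on mode 7 responses, clear on requests


def parse_udp(datagram: bytes):
    """Return (src_port, dst_port, payload), or None if the header is malformed."""
    if len(datagram) < 8:
        return None
    sport, dport, length, _cksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        return None
    return sport, dport, datagram[8:length]


def is_mode7_request_123_to_123(datagram: bytes) -> bool:
    """True when the datagram matches the rule the bulletin describes."""
    parsed = parse_udp(datagram)
    if parsed is None:
        return False
    sport, dport, payload = parsed
    # The rule keys on both ports being 123; an empty payload has no mode byte.
    if sport != NTP_PORT or dport != NTP_PORT or not payload:
        return False
    first = payload[0]
    return (first & 0x07) == MODE_PRIVATE and not (first & RESPONSE_BIT)


def build_udp(sport: int, dport: int, payload: bytes) -> bytes:
    """Helper for the constructed samples: UDP header with checksum left at 0."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


# Constructed sample datagrams (not captured traffic).
SAMPLES = {
    "mode7 request 123->123": build_udp(123, 123, bytes([0x17, 0, 0, 0])),
    "mode7 request 40000->123": build_udp(40000, 123, bytes([0x17, 0, 0, 0])),
    "mode7 response 123->123": build_udp(123, 123, bytes([0x97, 0, 0, 0])),
    "mode3 client 123->123": build_udp(123, 123, bytes([0x23]) + bytes(47)),
    "truncated header": b"\x00\x7b\x00",
}

if __name__ == "__main__":
    for name, dgram in SAMPLES.items():
        verdict = "BLOCK" if is_mode7_request_123_to_123(dgram) else "pass"
        print(f"{name}: {verdict}")
```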
Zeus Web Server SSL2_Client_Hello Buffer Overflow Vulnerability
Zeus Web Server is a web server for Unix and Unix-like platforms. A buffer overflow was detected in the Zeus Web Server SSL2 implementation (SSL2_CLIENT_HELLO). The protection detects and blocks SSL messages which are larger than 16K.
IPS-1 & IPS-1 NGX R65: A new protection is now available. CPAI-2010-101.
February 9, 2010



