 |
 Microsoft Visual Basic VBE6.DLL Stack Memory Corruption Vulnerability (MS10-031)
Industry Reference:CVE-2010-0815.
A remote code execution vulnerability has been reported in the way that Microsoft Visual Basic for Applications searches for ActiveX controls. Microsoft Visual Basic (VBA) is a technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft Office products include VBA and make use of VBA to perform certain functions. A remote attacker may exploit this vulnerability to take complete control of an affected system. This protection will detect and block the transferring of malformed PowerPoint files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-075.
Microsoft Outlook Express and Windows Mail Integer Overflow Vulnerability (MS10-030)Industry Reference:CVE-2010-0816.
A remote code execution vulnerability has been reported in the way that Windows Mail Client handles specially crafted mail responses. Windows Mail (formerly Outlook Express) is an online communication tool for use with Windows. A remote attacker may exploit this vulnerability to take complete control of the affected system. This protection will detect and block malformed POP3 responses.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-076.
Linux Kernel sctp_process_unk_param SCTPChunkInit Buffer Overflow VulnerabilityIndustry Reference:CVE-2010-1173.
A buffer overflow vulnerability exists in Linux Kernel Organization's Linux kernel. Linux is a popular open-source operating system. The Linux network protocol stack provides support for Stream Control Transmission Protocol (SCTP), a connection-oriented protocol that is an alternative or compliment to layer 4 protocols such as TCP and UDP. A remote attacker may exploit this vulnerability to cause a denial of service condition or to execute code on a vulnerable system. This protection will detect and block attempts to exploit this vulnerability.
Security Gateway R70/R71: A new protection is now available.
CPAI-2010-077.
GhostScript PostScript Parser Stack Overflow VulnerabilityIndustry Reference:CVE-2010-1869.
A stack overflow vulnerability has been discovered in GhostScript, an interpreter for the PostScript language and the Portable Document Format (PDF). A remote attacker may exploit this issue to execute arbitrary code on a vulnerable system. This protection will detect and block malformed PostScript files.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-078.
Improvements have been made to the following protections:
Multiple Vendors NTP Daemon Autokey Stack Buffer Overflow Vulnerability
CPAI-2009-134.
HP Power Manager formExportDataLogs Buffer Overflow Vulnerability
CPAI-2010-111.
Oracle Database Server XDB PITRIG_DROPMETADATA Procedure Buffer Overflow Vulnerability
SBP-2007-11.
Microsoft Visual Studio ActiveX Control Buffer Overflow Vulnerability (MS08-070)
CPAI-2008-234.
Microsoft Internet Explorer Request Header Information Disclosure Vulnerability (MS08-031)
CPAI-2009-279.
|
May 11, 2010
 |
You have received this notification because you have subscribed to the SmartDefense mailing list. If you would prefer to no longer receive security alerts and defense notifications please click to Unsubscribe
As always, please feel free to contact us directly if you have any comments or questions.
Read Check Point's Privacy Policy
©2003.2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065 |
|