 |
 Multiple Vendors rpc.pcnfsd Syslog Format String Vulnerability
Industry Reference:CVE-2010-1039.
An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. This protection will detect and block malformed RPC requests.
IPS-1 & IPS-1 NGX R65: Preemptive protection is provided by this product.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-082.
Multiple Adobe Shockwave Player and Adobe Director Vulnerabilities (APSB10-12)Industry References:CVE-2010-0127, CVE-2010-0128, CVE-2010-0129, CVE-2010-0130.
Multiple vulnerabilities have been identified in Adobe Shockwave Player. Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. An attacker can exploit these issues via a specially crafted Director file. A remote attacker may exploit these vulnerabilities to create a denial of service condition or to take complete control of an affected system. This protection detects and blocks the transferring of Adobe Director files over HTTP.
Security Gateway R70/R71: A new protection is now available.
SBP-2010-19.
OpenSSL TLS Connection Record Handling Denial of Service VulnerabilityIndustry Reference:CVE-2010-0740.
A denial of service vulnerability exists in OpenSSL. OpenSSL is an open-source library that implements Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol functionality. A remote attacker may exploit this vulnerability to create a denial of service condition. This protection will detect and block attempts to exploit this vulnerability.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-080.
Mozilla Firefox PKCS11 Module Installation Code Execution VulnerabilityIndustry Reference:CVE-2009-3076.
A remote code execution vulnerability was reported in Mozilla Firefox, the popular browser from Mozilla Foundation. The vulnerability is due to improper user messaging when using PKCS11 Module to load DLLs. An attacker can exploit this vulnerability by customizing the dialog message to mislead and trick a user into loading a malicious DLL. This protection will detect and block HTML files attempting to make use of the window.pkcs11 property.
IPS-1 & IPS-1 NGX R65: A protection was released in a previous update.
Security Gateway R70/R71: A new protection is now available.
CPAI-2010-116.
Mozilla Firefox Top-level Script Object Offset Calculation Memory Corruption VulnerabilityIndustry Reference:CVE-2009-3073.
A memory corruption vulnerability exists in Mozilla Firefox web browser. The vulnerability is due to improper calculation of an object offset in a specific case of the top-level script. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation could result in arbitrary code execution. This protection will detect and block HTML files containing invalid JavaScript constructs.
IPS-1 & IPS-1 NGX R65: A protection was released in a previous update.
Security Gateway R70/R71: A new protection is now available.
CPAI-2010-117.
Mozilla Firefox nsPropertyTable PropertyList Memory Corruption VulnerabilityIndustry Reference:CVE-2009-3070.
A memory corruption vulnerability has been reported in Mozilla Firefox web browser. The vulnerability is due to improper handling of PropertyLists in nsPropertyTable while parsing a specially crafted web page. Remote attackers can exploit this vulnerability by convincing a target user to visit a malicious web page, potentially leading to arbitrary code injection and execution on the target system. This protection will detect and block HTML documents with some combination of invalid position property lists.
IPS-1 & IPS-1 NGX R65: A protection was released in a previous update.
Security Gateway R70/R71: A new protection is now available.
CPAI-2010-118.
Mozilla Firefox Floating Point Number Conversion Memory Corruption VulnerabilityIndustry Reference:CVE-2009-1563.
A memory corruption vulnerability exists in Mozilla Firefox Browser. The vulnerability is due to a boundary error when processing overly long floating point numbers. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious web page. Successful exploitation could result in execution of arbitrary code. This protection will detect and block HTML files that contain attempts to convert floating point numbers with an invalid level of precision.
IPS-1 & IPS-1 NGX R65: A protection was released in a previous update.
Security Gateway R70/R71: A new protection is now available.
CPAI-2010-119.
Virus: Win32.Pate.AWin32.Pate.A is a virus capable of modifing other files by infecting, prepending, or overwriting them. It is also a hacktool that could be used by attackers to break into a system. This protection will detect and block the propagation of the malware over CIFS.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-081.
HP OpenView Operations Agent Blank 'opc_op' Password VulnerabilityIndustry Reference:CVE-2010-0444.
A vulnerability has been reported in HP OpenView Operations Agent. the vulnerability can be exploited by a remote attacker to gain access to the target system and completely compromise an affected system. The protection will block attempts to login by the opc_op account on an HP Operations Agent.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-128.
Squid Proxy HTCP Packet Processing Denial of Service VulnerabilityIndustry Reference:CVE-2010-0639.
A denial of service vulnerability exists in Squid Proxy, a popular open source, Internet proxy and web caching application. The vulnerability is due to a NULL pointer dereference when processing specially crafted Hypertext Caching Protocol (HTCP) packets. Remote attackers can exploit this issue by sending a malicious HTCP request to the target server. The protection will detect and block invalid HTCP packets sent to the SquidProxy server.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-129.
Novell Netware FTP Server Remote Stack Buffer Overflow VulnerabilityIndustry Reference:CVE-2010-0625.
A buffer overflow vulnerability exists in Novell Netware, a network operating system that provides file sharing and other services such as printing and email. The vulnerability is due to a boundary error in NWFTPD.nlm when processing the MKD and RMD FTP commands. Remote authenticated attackers can exploit this vulnerability by sending maliciously crafted commands to the affected server. The protection will detect and block FTP RMD or MKD commands accessing long pathnames starting with a ~ character.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-130.
Apple Safari CSS format Argument Handling Memory Corruption VulnerabilityIndustry Reference:CVE-2010-0046.
A memory corruption vulnerability exists in Apple Safari, a web browsing application developed by Apple. The browser is capable of processing HTML, images, scripting languages, and various other popular Internet specifications. The vulnerability is due to an error while processing CSS format arguments. A remote attacker can exploit this vulnerability by convincing a target user to open a malicious web page with a vulnerable application. The protection will detect and block HTML documents containing malformed CSS statements.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-131.
Symantec Products CLIproxy.dll ActiveX Control Buffer Overflow VulberabilityIndustry Reference:CVE-2010-0108.
A buffer overflow vulnerability exists in multiple Symantec products. The vulnerability is due to lack of boundary checks in the Symantec Client Proxy ActiveX control (CLIproxy.dll). This vulnerability can allow remote attackers to execute arbitrary code on a target system by enticing a target user to open a maliciously crafted HTML document. The protection will detect and block the transfer of html documents using the proscribed ActiveX control over HTTP, SMTP, FTP and IRC.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-132.
Opera Browser Content Length Buffer Overflow VulnerabilityA buffer overflow vulnerability exists in Opera Browser, a Web browser and Internet suite developed by the Opera Software company. The vulnerability is due to a boundary error in the way the browser processes HTTP server replies. Remote attackers could exploit this vulnerability by persuading a target user to connect to an attacker-controlled HTTP server with a vulnerable version of Opera.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
CPAI-2010-133.
Improvements have been made to the following protections:
Microsoft DHTML Editing Component ActiveX Control Code Execution Vulnerability (MS09-046)
CPAI-2009-127.
Microsoft DirectShow Size Validation Remote Code Execution Vulnerability (MS09-028)
CPAI-2009-125.
Microsoft DirectShow AVI Parser Heap Overflow Vulnerability (MS10-013)
CPAI-2010-032 .
Microsoft Web Services on Devices API Memory Corruption Vulnerability (MS09-063)
CPAI-2009-280.
Microsoft Word Sprm Parsing Memory Corruption Vulnerability (MS08-072)
CPAI-2008-175.
Microsoft XML Remote Code Execution Vulnerability (MS06-071)
CPAI-2006-140.
Microsoft Office Web Components Multiple ActiveX Controls Remote Code Execution Vulnerability (MS09-043)
CPAI-2009-121.
RealNetworks RealPlayer Playlist Handling Buffer Overflow Vulnerability
CPAI-2008-061.
Messenger Information Disclosure Vulnerability (MS08-050)
CPAI-2008-120.
Microsoft Rich Textbox Control SaveFile File Overwrite Vulnerability
CPAI-2008-018.
|
May 17, 2010
 |
You have received this notification because you have subscribed to the SmartDefense mailing list. If you would prefer to no longer receive security alerts and defense notifications please click to Unsubscribe
As always, please feel free to contact us directly if you have any comments or questions.
Read Check Point's Privacy Policy
©2003.2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065 |
|