 |
 Microsoft DirectShow Crafted MJPEG Stream Handling Code Execution Vulnerability (MS10-033)
Industry Reference:CVE-2010-1879.
A remote code execution vulnerability has been discovered in the way that Microsoft DirectShow parses AVI media files. Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. Audio Video Interleave (AVI) is a file type that is used with applications that capture, edit, and play back audio-video sequences. A remote attacker could exploit this issue via a malformed AVI file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed AVI files over HTTP.
Security Gateway R70/R71: A new protection is now available.
CPAI-2010-203.
Microsoft DirectShow MJPEG Crafted Segments Code Execution Vulnerability (MS10-033)Industry Reference:CVE-2010-1880.
A remote code execution vulnerability has been discovered in the way that Microsoft DirectShow parses AVI media files. Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. Audio Video Interleave (AVI) is a file type that is used with applications that capture, edit, and play back audio-video sequences. A remote attacker could exploit this issue via a malformed AVI file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed AVI files - embedding JPEG files with bad segments - over HTTP.
Security Gateway R70/R71: A new protection is now available.
CPAI-2010-205.
Microsoft Internet Explorer 8 Developer Tools ActiveX Memory Corruption Vulnerability (MS10-034)Industry Reference:CVE-2010-0811.
A remote code execution vulnerability has been reported in Internet Explorer 8 Developer Tools. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-001.
Microsoft Internet Explorer toStaticHTML Information Disclosure Vulnerability (MS10-035)Industry Reference:CVE-2010-1257.
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-086.
Microsoft Internet Explorer CStyleSheet Uninitialized Memory Corruption Vulnerability (MS10-035)Industry References:CVE-2010-1259, CVE-2010-1262.
Multiple memory corruption vulnerabilities have been reported in Microsoft Internet Explorer. A remote attacker could exploit these issues by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. This protection will detect and block attempts to exploit this vulnerability.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-087.
Microsoft Excel RealTimeData Record Stack Overflow Vulnerability (MS10-038)Industry Reference:CVE-2010-1246.
A stack overflow vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Excel files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
CPAI-2010-088.
Microsoft Excel RealTimeData Record Heap Corruption Vulnerability (MS10-038)Industry Reference:CVE-2010-1247.
A heap corruption vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Excel files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-089.
Microsoft Excel HFPicture Record Stack Overflow Vulnerability (MS10-038)Industry Reference:CVE-2010-1248.
A stack overflow vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Excel files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
CPAI-2010-090.
Microsoft Excel WOpt Record Memory Corruption Vulnerability (MS10-038)Industry Reference:CVE-2010-0824.
A memory corruption vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Excel files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-091.
Microsoft Excel External Name Record Memory Corruption Vulnerability (MS10-038)Industry Reference:CVE-2010-1249.
A memory corruption vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Excel files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-092.
Microsoft Excel DBQueryExt Record Memory Pointer Corruption Vulnerability (MS10-038)Industry Reference:CVE-2010-1253.
A remote code execution vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Excel files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-093.
Microsoft Excel OBJ Record Stack Overflow Vulnerability (MS10-038)Industry Reference:CVE-2010-0822.
A stack overflow vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Excel files over HTTP.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-094.
Microsoft Excel SxView Record Memory Pointer Corruption Vulnerability (MS10-038)Industry Reference:CVE-2010-1245.
A memory corruption vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Excel files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-095.
Microsoft Excel Lbl Record Stack Corruption Vulnerability (MS10-038)Industry Reference:CVE-2010-1251.
A stack corruption vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Excel files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: Preemptive protection is provided by this product.
VPN-1 NGX R65 & VSX NGX R65: Preemptive protection is provided by this product.
CPAI-2010-096.
Microsoft Excel SxView Record Parsing Memory Corruption Vulnerability (MS10-038)Industry Reference:CVE-2010-0821.
A memory corruption vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Excel files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-097.
Microsoft Excel Malformed Chart Sheet Substream Memory Corruption Vulnerability (MS10-038)Industry Reference:CVE-2010-0823.
A memory corruption vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Excel files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
CPAI-2010-098.
Microsoft Excel Un-Documented Publisher Record Memory Corruption Vulnerability (MS10-038)Industry Reference:CVE-2010-1250.
A memory corruption vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Excel files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-099.
Microsoft Excel ExternSheet Record String Length Stack Overrun Vulnerability (MS10-038)Industry Reference:CVE-2010-1252.
A stack overrun vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. This protection will detect and block the transferring of malformed Excel files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: Preemptive protection is provided by this product.
VPN-1 NGX R65 & VSX NGX R65: Preemptive protection is provided by this product.
CPAI-2010-202.
Microsoft SharePoint Help Page Denial of Service Vulnerability (MS10-039)Industry Reference:CVE-2010-1264.
A denial of service vulnerability has been discovered in Microsoft SharePoint Server 2007. Windows SharePoint Services provide a platform for collaboration applications and document management. Office SharePoint Server is an integrated suite of server capabilities built on top of Windows SharePoint Services. A remote attacker may exploit this vulnerability to cause the Web server to become non-responsive. This protection will detect and block malicious HTTP requests made to the vulnerable SharePoint server.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
CPAI-2010-200.
Microsoft XML Signature HMAC Truncation Bypass Vulnerability (MS10-041)Industry Reference:CVE-2009-0217.
A tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. The Microsoft .NET Framework is a component of the Microsoft Windows operating system that enables building and running software applications and Web services. A remote attacker may exploit this issue to bypass authentication. This protection will detect and block the transferring of malformed XML files over HTTP.
IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70/R71: A new protection is now available.
VPN-1 NGX R65 & VSX NGX R65: A new protection is now available.
CPAI-2010-201.
Security Best Practice: Suspicious Adobe Director FilesMultiple vulnerabilities have been identified in Adobe Shockwave Player. Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. An attacker can exploit these issues via a specially crafted Director file. A remote attacker may exploit these vulnerabilities to create a denial of service condition or to take complete control of an affected system. This protection detects and blocks the transferring of suspicious Adobe Director files over HTTP.
Security Gateway R70/R71: A new protection is now available.
SBP-2010-21.
|
June 8, 2010
 |
You have received this notification because you have subscribed to the SmartDefense mailing list. If you would prefer to no longer receive security alerts and defense notifications please click to Unsubscribe
As always, please feel free to contact us directly if you have any comments or questions.
Read Check Point's Privacy Policy
©2003.2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065 |
|