SmartDefense Security Advisory

Adobe Photoshop CS4 ABR File Processing Buffer Overflow Vulnerability (APSB10-13)

Industry Reference:CVE-2010-1296.

A buffer overflow vulnerability has been reported in Adobe Photoshop CS4. Adobe Photoshop CS4 is a graphics editing program that features a 3D engine. By persuading a user to open a specially crafted ABR image file, an attacker may be able to execute arbitrary code on an affected system. This protection detects and blocks the transferring of malformed ABR files over HTTP.

Security Gateway R70/R71: A new protection is now available.
CPAI-2010-213.

Multiple Vendors rpc.pcnfsd Syslog Format String Vulnerability

Industry Reference:CVE-2010-1039.

An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. This protection will detect and block malformed RPC requests.

Security Gateway R70/R71: A protection was released in a previous update.
VPN-1 NGX R65 & VSX NGX R65: A protection was released in a previous update.
InterSpect NGX: A new protection is now available.
CPAI-2010-082.

Improvements have been made to the following protections:



Oracle BEA WebLogic Server Apache Connector Buffer Overflow Vulnerability
CPAI-2009-009.

Cursor and Icon Format Handling Could Allow Remote Code Execution Vulnerability (MS05-002)
CPAI-2005-06.

Microsoft Internet Explorer hxvz.dll Remote Code Execution Vulnerability (MS08-023)
CPAI-2008-050.

Microsoft Word Cascading Style Sheet (CSS) Vulnerability (MS08-026)
CPAI-2008-069.

Microsoft Excel FormulaValue Field Memory Corruption Vulnerability (MS09-021)
CPAI-2009-146.

HP OpenView Network Node Manager Message Handling Buffer Overflow Vulnerability
CPAI-2008-064.

 June 27, 2010

IPS Software Blade

Buy Now

Guidelines

Forums

SmartDefense Microsoft Security Resources
You have received this notification because you have subscribed to the SmartDefense mailing list. If you would prefer to no longer receive security alerts and defense notifications please click to Unsubscribe

As always, please feel free to contact us directly if you have any comments or questions.

Read Check Point's Privacy Policy
©2003.2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065