Update Protections against Microsoft RTF Multiple Remote Code Execution Vulnerabilities (MS07-011, MS07-012, MS07-013)
| Check Point Reference: | CPAI-2007-026 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS07-011 Microsoft Security Bulletin MS07-012 Microsoft Security Bulletin MS07-013 |
|
| Industry Reference(s): | CVE-2006-1311 CVE-2007-0025 CVE-2007-0026 |
|
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 (Itanium) Microsoft Windows Server 2003 SP1 (Itanium) Microsoft Windows Server 2003 x64 Edition | ||
| Vulnerability Description Multiple vulnerabilities have been identified in Microsoft Windows, Microsoft Office and Visual Studio. The RichEdit, MFC and OLE Dialog components, provided with Microsoft Windows and Microsoft Office, are prone to a remote code execution vulnerability. A remote attacker could exploit these issues via a malformed embedded OLE object within a Rich Text Format (RTF) file. Rich Text Format (RTF) provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. Successful exploitation of these vulnerabilities may allow execution of arbitrary code on a target system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS07-011 Microsoft Security Bulletin MS07-012 Microsoft Security Bulletin MS07-013 |
|
|
Vulnerability Details The vulnerabilities are due to memory corruption errors in the RichEdit, MFC and OLE Dialog components in Microsoft Windows. The components fail to properly handle OLE objects embedded within RTF files. An attacker can exploit this flaw to take complete control over a vulnerable system via a specially crafted RTF file with a malformed OLE object. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the transferring of malformed RTF files over HTTP.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The Update released on March 14, 2007 includes the following protections:
Microsoft RTF Multiple Code Execution Vulnerabilities (MS07-011, MS07-012, MS07-013) CPAI-2007-026
Microsoft Step-by-Step Interactive Training Code Execution Vulnerability (MS07-005) CPAI-2007-027
Microsoft HTML Help ActiveX Control Code Execution Vulnerability (MS07-008) CPAI-2007-028
Sun Solaris Telnet Bypass Vulnerability (CPAI-2007-029)
Microsoft IE FTP Responses Code Execution Vulnerability (MS07-016) CPAI-2007-030
Microsoft Malware Protection Engine PDF Code Execution Vulnerability (MS07-010) CPAI-2007-031
Microsoft MDAC Code Execution Vulnerability (MS07-009) CPAI-2007-032
Microsoft Multiple COM Objects Vulnerability (MS07-016) CPAI-2007-033
VPN-1 NGX R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Content Protection.
2. Select the following:
Malformed RTF File (MS07-011, MS07-012, MS07-013)
3. In the configuration pane, under Settings > Mode, check Active.
4. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed RTF file (MS07-011, MS07-012, MS07-013)
VPN-1 NGX R61, R60, VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Malformed RTF File (MS07-011, MS07-012, MS07-013)
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed RTF file (MS07-011, MS07-012, MS07-013)
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Malformed RTF File (MS07-011, MS07-012, MS07-013)
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99854 will appear on the SmartView Tracker.
VPN-1 VSX NGX
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Malformed RTF File (MS07-011, MS07-012, MS07-013)
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99854 will appear on the SmartView Tracker.
InterSpect NGX
How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
2. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer vulnerabilities.
3. Select the following pattern:
Malformed RTF File (MS07-011, MS07-012, MS07-013)
4. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed RTF file (MS07-011, MS07-012, MS07-013)
InterSpect 2.0
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > HTTP Client Protections > Microsoft Internet Explorer vulnerabilities.
2. Select the following pattern:
Malformed RTF File (MS07-011, MS07-012, MS07-013)
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed RTF file (MS07-011, MS07-012, MS07-013)