Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against GraceNote (CDDB) Control ActiveX Vulnerability

Subscribe

Check Point Reference: CPAI-2006-103
Date Published:
Severity:
Last Updated:
Source: FrSIRT/ADV-2006-2562
Industry Reference(s): CVE-2006-3134
US-CERT VU#701121
Protection Provided by: VPN-1
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
VSX
  • NGX
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
CDDBControl ActiveX Control
Sony CONNECT Player
Sony SonicStage version 3.3
Sony SonicStage version 3.4
Sony SonicStage Mastering Studio version 2.1
Sony SonicStage Mastering Studio version 2.2
Vulnerability Description
The Gracenote CDDB ActiveX control is used by Sony products (as well as other vendors) for looking up information about CDs in the Gracenote CD Data Base (CDDB). Gracenote CDDB ActiveX control contains a buffer overflow error. By convincing a user to visit a malicious Web page or open a malicious HTML, an attacker could cause the victim's system to execute arbitrary commands or cause the victim's Web browser to crash.
Vulnerability Status
 
Update/Patch Available
Apply patch:
http://www.gracenote.com/sec062706/GracenoteUpdateForSony.exe
Vulnerability Details
To trigger the vulnerability, an attacker can create a malicious Web page that initiates the ActiveX control with a specially-crafted option value. Successful exploitation could result in remote code execution on the victim's system or in the crashing of the user's Web browser, once the malicious page is loaded.

Protection Overview
The update defends against the vulnerability by blocking the vulnerable ActiveX (CDDB) Control application. Depending on the traffic mix, applying this update may result in performance degradation.

In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice. 

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The Update released on September 12, 2006 includes the following protections: 

Malformed IMAP Commands Protection (CPAI-2006-098)
Protection against Microsoft Windows DHCP Remote Code Execution (MS06-036) - CPAI-2006-101
MiniBB Remote File Vulnerabilities (CPAI-2006-102)
GraceNote (CDDB) Control ActiveX Vulnerability (CPAI-2006-103)
Microsoft Internet Explorer 6 (Internet.HHCtrl) Vulnerability (CPAI-2006-104)
Microsoft Internet Explorer UTF-8 Decoding Vulnerability (MS06-021) - CPAI-2006-105
Apache LDAP HTTP Server Buffer Overflow Vulnerability (CPAI-2006-106)
Pre-Patch Workaround for Microsoft Windows Vulnerabilities (SBP-2006-06)

VPN-1 NGX R61, R60, VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
1. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer.
2. In the Microsoft Internet Explorer configuration pane, click

Block ActiveX (CDDB) Control Remote Buffer Overflow Vulnerability

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: ActiveX (CDDB) Control Remote Buffer Overflow Vulnerability

VPN-1 NG with Application Intelligence R55

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > HTTP Client Protections and then click Microsoft Internet Explorer.
2. In the Microsoft Internet Explorer configuration page, select

Block ActiveX (CDDB) Control Remote Buffer Overflow Vulnerability

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
Rule #99830 will appear on the SmartView Tracker.

VPN-1 VSX NGX

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > HTTP Client Protections and then click Microsoft Internet Explorer.
2. In the Microsoft Internet Explorer configuration page, select

Block ActiveX (CDDB) Control Remote Buffer Overflow Vulnerability

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
Rule #99830 will appear on the SmartView Tracker.

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
2. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer.
3. In the Microsoft Internet Explorer configuration pane, select

Block ActiveX (CDDB) Control Remote Buffer Overflow Vulnerability

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: ActiveX (CDDB) Control Remote Buffer Overflow Vulnerability

InterSpect 2.0

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > HTTP Client Protections and then click Microsoft Internet Explorer.
2. In the Microsoft Internet Explorer Configuration Pane,  select

Block ActiveX (CDDB) Control Remote Buffer Overflow Vulnerability

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: ActiveX (CDDB) Control Remote Buffer Overflow Vulnerability