Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Preemptive Protection Against Zero-Day Vulnerability in Microsoft Word 2000 (925059)

Subscribe

Check Point Reference: CPAI-2006-108
Date Published:
Severity:
Last Updated:
Source: Microsoft Security Advisory (925059)
Industry Reference(s): CVE-2006-4534
Protection Provided by: VPN-1
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
VSX
  • NGX
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
Microsoft Word 2000
Vulnerability Description
A zero-day code execution vulnerability exists in Microsoft Word 2000. To exploit this vulnerability, a remote attacker must convince a user to open a maliciously crafted Word document that contains a Trojan horse referred to as Trojan.Mdropper.Q.
Vulnerability Details
When a malicious Word file containing Trojan.Mdropper.Q is opened, it activates the Trojan horse. The Trojan installs a backdoor on the infected system and then deletes itself.

Protection Overview
Users are protected against this vulnerability if the Block Office protection for Microsoft Windows vulnerabilities addressed in the Protection section of SBP-2006-06 has been applied.

By enabling this protection, SmartDefense will block the transferring of Microsoft Office Word files. Since the protection offered in the SBP-2006-06  advisory may degrade performance and block access to legitimate Office files, Check Point users are advised to use the Office protection as a workaround till your system is patched.

To configure the defense, select your product from the list below and follow the related protection steps.

VPN-1 NGX R61, VPN-1 NGX R60, VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
Users of the versions mentioned above are protected against this vulnerability if the Protection outlined in SBP-2006-06 has been applied.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Content Protection Violation
Attack Information: Word Office document detected

VPN-1 NG with Application Intelligence R55

How Can I Protect My Network?
Users of the version mentioned above are protected against this vulnerability if the Protection outlined in SBP-2006-06 has been applied.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log rule #980119.

VPN-1 VSX NGX

How Can I Protect My Network?
Users of the version mentioned above are protected against this vulnerability if the Protection outlined in SBP-2006-06 has been applied.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log rule #980119.

InterSpect NGX

How Can I Protect My Network?
Users of the version mentioned above are protected against this vulnerability if the Protection outlined in SBP-2006-06 has been applied.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Content Protection Violation
Attack Information: Word Office document detected

InterSpect 2.0

How Can I Protect My Network?
Users of the version mentioned above are protected against thisvulnerability if the Protection outlined in SBP-2006-06 has been applied.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Content Protection Violation
Attack Information: Word Office document detected