Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Microsoft Internet Explorer DirectAnimation Path (daxctle.ocx) Vulnerabilities (MS06-067)

Subscribe

Check Point Reference: CPAI-2006-118
Date Published:
Severity:
Last Updated:
Source: Microsoft Security Bulletin MS06-067
Industry Reference(s): CVE-2006-4777
CVE-2006-4446
US-CERT VU#377369
Protection Provided by: VPN-1
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
VSX
  • NGX
InterSpect
  • NGX
Who is Vulnerable?
Microsoft Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
Microsoft Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
Microsoft Internet Explorer 6 SP1 on Microsoft Windows XP SP1
Microsoft Internet Explorer 6 for Microsoft Windows XP SP2
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 SP1
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 (Itanium)
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 (Itanium)
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
Microsoft Internet Explorer 6 SP1 on Microsoft Windows 98
Microsoft Internet Explorer 6 SP1 on Microsoft Windows 98 SE
Microsoft Internet Explorer 6 SP1 on Microsoft Windows Millennium Edition
Vulnerability Description
Microsoft Internet Explorer (IE) contains heap overflow vulnerabilities. The vulnerabilities exist in Microsoft DirectAnimation Path ActiveX Control (DirectAnimation.PathControl) that is included in the COM object daxctle.ocx. DirectAnimation is a component of the DirectX family of APIs that provide animation and media support for Web pages and multimedia applications. By convincing a user to visit a specially crafted Web page, a remote attacker may trigger these vulnerabilities to deny service from legitimate users (by causing the victim's Web browser to crash) and could possibly execute arbitrary code on affected systems.
Update/Patch Available
Apply patches:
Microsoft Security Bulletin MS06-067
Vulnerability Details
These vulnerabilities are caused due to a memory corruption error in the daxctle.ocx COM object.

CVE-2006-4446: The vulnerability occurs when the DirectAnimation PathControl COM object is instantiated as an ActiveX control with an invalid Spline method.

CVE-2006-4777: The vulnerability occurs when processing a specially crafted argument passed to the "KeyFrame()" method of a daxctle.ocx COM object.

An attacker can trigger these flaws by convincing a user to view a specially crafted HTML document. Successful exploitation could result in the crashing of the victim's Web browser, once the malicious page is loaded and possibly allows execution of arbitrary code.

Protection Overview

The update protects against this vulnerability by blocking the vulnerable COM object. Depending on the traffic mix, activating this protection may result in performance degradation.

In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice. 

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The Update released on October 11, 2006 includes the following protections: 

Malformed DNS Resource Records Protection (MS06-041) - CPAI-2006-111
Microsoft Internet Explorer Memory Corruption Vulnerabilities (MS06-042) - CPAI-2006-112
Microsoft Windows MHTML Remote Code Execution Vulnerability (MS06-043) - CPAI-2006-113  
Microsoft Management Console Remote Code Execution Vulnerability (MS06-044) - CPAI-2006-114
Windows Explorer GUID Remote Code Execution Vulnerability (MS06-045) - CPAI-2006-115
Microsoft Windows RASMAN Buffer Overflow Vulnerabilities (MS06-025) - CPAI-2006-116
Microsoft Windows MailSlot Buffer Overflow Vulnerabilities (MS06-035) - CPAI-2006-117
Microsoft Internet Explorer (daxctle.ocx) Vulnerabilities (CPAI-2006-118)
CBSMS Mambo Module Remote File Vulnerabilities (CPAI-2006-119)

VPN-1 NGX R61, R60, VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
1. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer.
2. In the Microsoft Internet Explorer configuration pane, click

Block Internet Explorer DirectAnimation Path Vulnerability (925444)

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Internet Explorer DirectAnimation Path Vulnerability (925444)

VPN-1 NG with Application Intelligence R55

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > HTTP Client Protections and then click Microsoft Internet Explorer.
2. In the Microsoft Internet Explorer configuration page, select

Block Internet Explorer DirectAnimation Path Vulnerability (925444)

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
Rule #99838 will appear on the SmartView Tracker.

VPN-1 VSX NGX

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > HTTP Client Protections and then click Microsoft Internet Explorer.
2. In the Microsoft Internet Explorer configuration page, select

Block Internet Explorer DirectAnimation Path Vulnerability (925444)

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
Rule #99838 will appear on the SmartView Tracker.

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
2. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer.
3. In the Microsoft Internet Explorer configuration pane, select

Block Internet Explorer DirectAnimation Path Vulnerability (925444)

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Internet Explorer DirectAnimation Path Vulnerability (925444)

InterSpect 2.0

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > HTTP Client Protections > Microsoft Internet Explorer.
3. In the Microsoft Internet Explorer configuration pane, select

Block Internet Explorer DirectAnimation Path Vulnerability (925444)

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Internet Explorer DirectAnimation Path Vulnerability (925444)