Protection against Microsoft Windows Embedded Web Fonts Vulnerability (MS06-002)
| Check Point Reference: | CPAI-2006-010 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS06-002 | |
| Industry Reference(s): | CVE-2006-0010 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows 2000 SP4 Microsoft Windows XP SP1 and SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 | ||
| Vulnerability Description A vulnerability exists in several Microsoft Windows operating systems because of the way these systems process embedded Web fonts (EOT) files. The vulnerability could be exploited by remote attackers to compromise a vulnerable system by persuading a user to access a Web page or HTML email containing a crafted embedded Web font. |
||
|
Update/Patch Available Please review Microsoft Security Bulletin MS06-002 for a complete list of affected products and their patches: http://www.microsoft.com/technet/security/bulletin/MS06-002.mspx |
|
|
Vulnerability Details Microsoft Windows contains a heap-based buffer overflow in a routine that processes embedded open type (EOT) Web fonts. The problem specifically exists due to a lack of validation on compressed embedded Web fonts. |
Protection Overview
The protection detects and blocks potentially malicious Embedded Open Type (malicious) files that can lead to execution of arbitrary code.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
Additional protections included with this update:
- Oracle XDB FTP Buffer Overflow (CPAI-2006-008)
- PHP ADOdb Test Scripts and PHP shell/web defacement tool (CPAI-2006-011)
- HP OpenView Remote Command Execution (CPAI-2006-012)
- Oracle XDB HTTP Buffer Overflow (CPAI-2006-013)
- Apache Format String1 and string2 (CPAI-2006-014)
InterSpect NGX
How Can I Protect My Network?
Users of InterSpect NGX should update their systems: In the left pane from the drop-down list, select Profiles > SmartDefense Service and click the Online Update button.
To enable the protection:
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile. 
2. In the SmartDefense tree, click Application Intelligence > Content Protection and enable Block EOT files.
2. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following log entries:
Attack Name: Content Protection Violation
Attack Information: EOT files blocked
VPN-1 NGX R60
How Can I Protect My Network?
Users of VPN-1 NGX R60 should update their SmartDefense by clicking Online Update in the SmartDashboard General window.
To activate the protection:
1. On the SmartDefense tree, click Application Intelligence > Content Protection and enable Block Embedded Open Type (EOT) files.
2. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following log entries:
Attack Name: Content Protection Violation
Attack Information: EOT files blocked
VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
Users of VPN-1 NG with Application Intelligence R55W should update their SmartDefense by clicking Online Update in the SmartDashboard General window.
To activate the protection:
1. On the SmartDefense tree, click Application Intelligence > Content Protection and enable Block Embedded Open Type (EOT) files.
2. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following log entries:
Attack Name: Content Protection Violation
Attack Information: EOT files blocked
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
Users of VPN-1 NG with Application Intelligence R55 should update their SmartDefense by clicking Update Now in the SmartDashboard General window.
To activate the protection:
1. On the SmartDefense tree, click Application Intelligence > Content Protection and enable Block Embedded Open Type (EOT) files.
2. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log rule number 99878 indicating that an EOT file has been blocked.
InterSpect 2.0, 1.x
How Can I Protect My Network?
Users of InterSpect 2.0, 1.x should update their SmartDefense by clicking Update Now in the SmartDashboard General window.
To activate the protection:
1. On the SmartDefense tree, click Application Intelligence > Content Protection and enable Block Embedded Open Type (EOT) files.
2. Install policy on all modules
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following log entries:
Attack Name: Content Protection Violation
Attack Information: EOT files blocked