Update Protection against OpenOffice TIFF File Parsing Integer Overflow Vulnerability

Vulnerability
Protection

Check Point Reference:	CPAI-2007-120
Date Published:
Severity:
Source:	FrSIRT/ADV-2007-3184
Industry Reference(s):	CVE-2007-2834
Protection Provided by:	VPN-1 NGX R65 NGX R62 NGX R61 NGX R60 InterSpect NGX
Who is Vulnerable? OpenOffice.org OpenOffice Prior to 2.3.0
Vulnerability Description An integer overflow vulnerability has been identified in the OpenOffice software suite. OpenOffice is an open source office suite that is capable of processing several types of graphic document formats, including the Tagged Image File Format (TIFF). A remote attacker could exploit this issue via a malformed TIFF file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system.

Update/Patch Available Upgrade to OpenOffice.org version 2.3: OpenOffice
Vulnerability Details The vulnerability is due to an error in OpenOffice that fails to properly parse malformed Tagged Image File Format (TIFF) images. A remote attacker could trigger this flaw by convincing a victim to open a specially OpenOffice TIFF file. Successful exploitation of this issue may allow execution of arbitrary code on a vulnerable system.

Protection Overview
By enabling this protection, SmartDefense will detect and block the transferring of malformed OpenOffice TIFF files over HTTP.

In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The update released on October 28, 2007 includes the following protections:

OpenOffice TIFF File Parsing Integer Overflow Vulnerability (CPAI-2007-120)
Microsoft Windows Kodak Image Viewer Vulnerability (MS07-055) - CPAI-2007-121
Microsoft Visual Studio PDWizard.ocx ActiveX Control Vulnerability (CPAI-2007-122)
Microsoft Word Malformed String Memory Corruption Vulnerability (MS07-060) - CPAI-2007-123
Microsoft Windows RPC NTLMSSP Authentication DoS Vulnerability (MS07-058) - CPAI-2007-124
New Feature for the Block FTP Brute Force Attacks Protection (SBP-2007-09)
Blocking QQ Instant Messenger (SBP-2007-10)

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Content Protection > Malformed TIFF.
2. In the configuration pane, under Settings > Mode, check Active.
3. Select the following:

Block OpenOffice TIFF Parsing Vulnerability

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: TIFF Content Protection Violation
Attack Information: Malformed OpenOffice TIFF

VPN-1 NGX R61 & R60

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:

Malformed TIFF

3. In the configuration pane, select the following:

Block OpenOffice TIFF Parsing Vulnerability

4.Install policy on all modules.

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile. 2. In the SmartDefense tree, click Application Intelligence > Content Protection.
3. Select the following:

Malformed TIFF

4. In the configuration pane, select the following:

Block OpenOffice TIFF Parsing Vulnerability

5.Install policy on all modules.

Legal Notice for Threat Center Advisories