Preemptive Protection against Microsoft MHTML Information Disclosure Vulnerability (MS07-034)
| Check Point Reference: | CPAI-2007-071 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS07-034 | |
| Industry Reference(s): | CVE-2006-2111 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Outlook Express 6 on Windows XP SP2 Microsoft Outlook Express 6 on Windows XP Professional x64 Edition Microsoft Outlook Express 6 on Windows XP Professional x64 Edition SP2 Microsoft Outlook Express 6 on Windows Server 2003 SP1 Microsoft Outlook Express 6 on Windows Server 2003 SP2 Microsoft Outlook Express 6 on Windows Server 2003 x64 Edition Microsoft Outlook Express 6 on Windows Server 2003 x64 Edition SP2 Microsoft Outlook Express 6 on Windows Server 2003 with SP1 (Itanium) Microsoft Outlook Express 6 on Windows Server 2003 with SP2 (Itanium) Windows Mail on Windows Vista Windows Mail on Windows Vista x64 Edition | ||
| Vulnerability Description An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is within the MHTML Protocol, a component of Outlook Express. The MHTML (MIME Encapsulation of Aggregate HTML) protocol handler provides a URL type (MHTML://) that permits MHTML encoded documents to be rendered in applications. The vulnerability could be exploited by a remote attacker to access sensitive information on behalf of the target user. |
||
|
Update/Patch Available Apply patches: MS07-034: Cumulative security update for Outlook Express and for Windows Mail |
|
|
Vulnerability Details The vulnerability is due to an error in the MHTML protocol handler that fails to properly process MHTML URL redirections. To trigger this flaw, an attacker can specially craft a malicious web page that exploits this vulnerability. Successful exploitation allows remote attackers to read content and data served from another domain in the context of a malicious web page. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the vulnerable MHTML handler. Depending on the traffic mix, activating this protection may lead to performance degradation. No update is required to address this vulnerability.
Users are protected against this vulnerability if the Microsoft Internet Explorer MHTML protection for blocking the vulnerable MHTML handler addressed in the Protection section of CPAI-2006-044 has been applied.
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Web Intelligence > HTTP Client Protections > Microsoft Internet Explorer.
2. In the configuration pane, under Settings > Mode, check Active.
3. In the configuration pane, enable the following protection:
Block mhtml Redirection Vulnerability (CVE-2006-2111).
4. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker wil log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer - mhtml Redirection Vulnerability
VPN-1 NGX R61, R60, VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
Users of the versions mentioned above are protected against the vulnerability if the protection outlined in CPAI-2006-044 has been applied.
How Do I Know if My Network is Under Attack?
SmartView Tracker wil log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer - mhtml Redirection Vulnerability
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
Users of the versions mentioned above are protected against the vulnerability if the protection outlined in CPAI-2006-044 has been applied.
How Do I Know if My Network is Under Attack?
Rule #99814 will appear on the SmartView Tracker.
VPN-1 VSX NGX
How Can I Protect My Network?
Users of the versions mentioned above are protected against the vulnerability if the protection outlined in CPAI-2006-044 has been applied.
How Do I Know if My Network is Under Attack?
Rule #99814 will appear on the SmartView Tracker.
InterSpect NGX
How Can I Protect My Network?
Users of the versions mentioned above are protected against the vulnerability if the protection outlined in CPAI-2006-044 has been applied.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer - mhtml Redirection Vulnerability
InterSpect 2.0
How Can I Protect My Network?
Users of the versions mentioned above are protected against the vulnerability if the protection outlined in CPAI-2006-044 has been applied.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer - mhtml Redirection Vulnerability