Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Microsoft AVI File Parsing Remote Code Execution Vulnerability (MS07-064)

Subscribe

Check Point Reference: CPAI-2007-140
Date Published:
Severity:
Source: Microsoft Security Bulletin MS07-064
Industry Reference(s): CVE-2007-3895
Protection Provided by: VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
Who is Vulnerable?
Microsoft DirectX 7.0
Microsoft DirectX 8.1
Microsoft DirectX 9.0c
Microsoft DirectX 10
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Vulnerability Description
A remote code execution vulnerability has been reported in Microsoft DirectX. Microsoft DirectX is a set of libraries that aim for accelerated video and audio experience on Microsoft Windows operating system. DirectX can parse various file formats which include AVI files. A remote attacker can exploit this vulnerability via a specially crafted AVI file. Successful exploitation of the vulnerability allows execution of arbitrary code on a vulnerable system.
Update/Patch Available
Apply patches:
Microsoft Security Bulletin MS07-064
Vulnerability Details
The vulnerability is due to errors in Microsoft DirectX that fails to properly handle malformed AVI files. A remote attacker could trigger this flaw via a specially crafted AVI file. Successful exploitation allows execution of arbitrary code once a malformed AVI file is being loaded on a vulnerable system.

Protection Overview
By enabling this protection, SmartDefense will detect and block the transferring of malformed AVI files over HTTP.

In order for the protection to be activated, update your VPN-1 product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The update released on December 18, 2007 includes the following protections:

FLAC Project libFLAC Picture Buffer Vulnerability (CPAI-2007-136)
Apple QuickTime Crafted RTSP Response Buffer Overflow Vulnerability (CPAI-2007-137)
Recent Malware Threats (18-Dec-07) – CPAI-2007-138
Microsoft Windows Message Queuing Code Execution Vulnerability (MS07-065) – CPAI-2007-139
Microsoft AVI File Parsing Code Execution Vulnerability (MS07-064) – CPAI-2007-140

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Content Protection > Malformed AVI.
2. In the configuration pane, under Settings > Mode, check Active. Select the following protection:

Block Microsoft DirectX File Parsing Vulnerability (MS07-064)

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: AVI Content Protection Violation
Attack Information: DirectX file parsing vulnerability detected (MS07-064)

VPN-1 NGX R61 & R60

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:

Malformed AVI

3. In the configuration pane, select the following protection:

Block Microsoft DirectX File Parsing Vulnerability (MS07-064)

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: AVI Content Protection Violation
Attack Information: DirectX file parsing vulnerability detected (MS07-064)