Update Protection against Microsoft Windows Media Player Remote Code Execution Vulnerabilities (MS06-078)
| Check Point Reference: | CPAI-2007-004 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS06-078 | |
| Industry Reference(s): | CVE-2006-6134 CVE-2006-4702 |
|
| Protection Provided by: |
VPN-1
|
|
|
Who is Vulnerable? Microsoft Windows Media Format versions 7.1 through 9.5 Microsoft Windows Media Format version 9.5 (x64 Edition) Microsoft Windows Media Player version 6.4 |
||
| Vulnerability Description Microsoft Windows Media Player is prone to multiple remote code execution vulnerabilities. The vulnerabilities are due to the way the application handles the processing of ASF and ASX files. ASF (Advanced Streaming Format) is a file format that stores audio and video information that is designed to run over networks. ASX (Advanced Stream Redirector) is a file format designed to store a list of Windows Media files to play during a multimedia presentation. A remote attacker could exploit these vulnerabilities to cause denial of service and execute arbitrary code via a maliciously crafted Windows Media Player file. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS06-078 |
|
|
Vulnerability Details These vulnerabilities are due to a buffer overflow error when processing malformed ASF and ASX files. An attacker can trigger these flaws by convincing a user to view a specially crafted HTML document containing a malicious ASF or ASX file. Successful exploitation could result in the crashing of the victim's application, once the malicious content is loaded allowing execution of arbitrary code. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the transferring of malformed ASF and ASX over HTTP. Depending on the traffic mix, activating this protection may result in performance degradation.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The Update released on January 9, 2007 includes the following protections:
Microsoft Internet Explorer Memory Corruption Vulnerability (MS06-072) - CPAI-2007-001
Microsoft Internet Explorer TIF Folder Vulnerability (MS06-072) - CPAI-2007-002
Microsoft Outlook Express Windows Address Book Vulnerability (MS06-076) - CPAI-2007-003
Microsoft Windows Media Player Code Execution Vulnerabilities (MS06-078) - CPAI-2007-004
Malformed IMAP Commands Vulnerabilities (SBP-2007-01)
Blocking Syslog-Related Vulnerabilities (SBP-2007-02)
VPN-1 NGX R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Content Protection.
2. Select the following:
Malformed ASF
Malformed ASX
3. In the configuration pane, under Settings > Mode, check Active.
4. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information:
Malformed ASF file
Malformed ASX file
VPN-1 NGX R61, VPN-1 NGX R60, VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Malformed ASF
Malformed ASX
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information:
Malformed ASF file
Malformed ASX file
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Malformed ASF
Malformed ASX
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log rules 99848 and 99846 for malformed ASF and ASX files accordingly.
VPN-1 VSX NGX
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Malformed ASF
Malformed ASX
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log rules 99848 and 99846 for malformed ASF and ASX files accordingly.
InterSpect NGX
How Can I Protect My Network?
1. In the lefthand menu, click Profiles > Default Protection > SmartDefense. The SmartDefense page opens.
2. In the SmartDefense tree, click Application Intelligence > Content Protection and enable the following protection:
Malformed ASF
Malformed ASX
3. Install security policy.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information:
Malformed ASF file
Malformed ASX file
InterSpect 2.0
How Can I Protect My Network?
1. Click Application Intelligence > Content Protection and enable the following protection:
Malformed ASF
Malformed ASX
2. Install security policy.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information:
Malformed ASF file
Malformed ASX file