Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Microsoft Windows Media Format ASF Parsing Code Execution Vulnerability (MS07-068)

Subscribe

Check Point Reference: CPAI-2007-142
Date Published:
Severity:
Source: Microsoft Security Bulletin MS07-068
Industry Reference(s): CVE-2007-0064
Protection Provided by: VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55
VSX
  • NGX
InterSpect
  • NGX
Who is Vulnerable?
Microsoft Windows Media Format Runtime 7.1
Microsoft Windows Media Format Runtime 9
Microsoft Windows Media Format Runtime 9.5
Microsoft Windows Media Format Runtime 11
Microsoft Windows Media Format Runtime x64 Edition 9.5
Microsoft Windows Media Services 9.1
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Vulnerability Description
Multiple buffer overflow vulnerabilities have been reported in Microsoft Windows Media Format Runtime. The Microsoft Windows Media Format Runtime provides information and tools for applications that use Windows Media content. The core component of Windows Media Format is the Advanced Systems Format (ASF). ASF is a file format that stores audio and video information and is specially designed to run over networks like the Internet. A remote attacker can exploit this vulnerability via a specially crafted ASF file. Successful exploitation of the vulnerability allows execution of arbitrary code on a vulnerable system.
Update/Patch Available
Apply patches:
Microsoft Security Bulletin MS07-068
Vulnerability Details
The vulnerability is due to boundary errors in the Microsoft Windows Media Format Runtime that fails to properly process malformed ASF files. A remote attacker could trigger this flaw via a specially crafted ASF file. Successful exploitation allows execution of arbitrary code once a malformed ASF file is being loaded on a vulnerable system.

Protection Overview
By enabling this protection, SmartDefense will detect and block multiple vulnerabilities in the ASF file format.

In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The update released on December 30, 2007 includes the following protections:

Microsoft DirectX SAMI Files Parsing Vulnerability (MS07-064) – CPAI-2007-141
Microsoft Windows Media Format ASF Parsing Vulnerability (MS07-068) – CPAI-2007-142
Recent Malware Threats (30-Dec-07) – (CPAI-2007-143)

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Content Protection.
2. Select the following protection:

Block Multiple ASF Parsing Vulnerabilities (MS07-068)

3. In the configuration pane, under Settings > Mode, check Active.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Content Protection Violation
Attack Information:
Malformed ASF file: internal error (MS07-068)
Malformed ASF file: JPEG Vulnerability detected (MS07-068)
Malformed ASF file: signature vulnerability detected (MS07-068)
Malformed ASF file: spread vulnerability detected (MS07-068)
Malformed ASF file: data length vulnerability detected (MS07-068)

VPN-1 NGX R61 & R60

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following protection:

Block Multiple ASF Parsing Vulnerabilities (MS07-068)

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Content Protection Violation
Attack Information:
Malformed ASF file: internal error (MS07-068)
Malformed ASF file: JPEG Vulnerability detected (MS07-068)
Malformed ASF file: signature vulnerability detected (MS07-068)
Malformed ASF file: spread vulnerability detected (MS07-068)
Malformed ASF file: data length vulnerability detected (MS07-068)

VPN-1 NG with Application Intelligence R55

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following protection:

Block Multiple ASF Parsing Vulnerabilities (MS07-068)

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
Rule #99959 will appear on the SmartView Tracker.

VPN-1 VSX NGX

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following protection:

Block Multiple ASF Parsing Vulnerabilities (MS07-068)

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
Rule #99959 will appear on the SmartView Tracker.

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2. In the SmartDefense tree, click Application Intelligence > Content Protection.
3. Select the following protection:

Block Multiple ASF Parsing Vulnerabilities (MS07-068)

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Content Protection Violation
Attack Information:
Malformed ASF file: internal error (MS07-068)
Malformed ASF file: JPEG Vulnerability detected (MS07-068)
Malformed ASF file: signature vulnerability detected (MS07-068)
Malformed ASF file: spread vulnerability detected (MS07-068)
Malformed ASF file: data length vulnerability detected (MS07-068)