Update Protection against Microsoft Windows Media Player Skin Parsing Code Execution Vulnerability (MS07-047)
| Check Point Reference: | CPAI-2007-102 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS07-047 | |
| Industry Reference(s): | CVE-2007-3037 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows Media Player 7.1 Microsoft Windows Media Player 9 Microsoft Windows Media Player 10 Microsoft Windows Media Player 11 | ||
| Vulnerability Description A buffer overflow vulnerability has been identified in Microsoft Windows Media Player. Microsoft Windows Media Player is an application for the Microsoft Windows operating system. It supports numerous video, audio, and image formats. A remote attacker could exploit this issue via a malformed skin file. Successful exploitation of these vulnerabilities may allow execution of arbitrary code on a target system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS07-047 |
|
|
Vulnerability Details The vulnerability is due to an error in Microsoft Windows Media Player that fails to properly validate data while parsing compressed skin files. A remote attacker could trigger this flaw by convincing a victim to open a specially crafted WMZ file. Successful exploitation of this issue may allow execution of arbitrary code on a vulnerable system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the transferring of malformed Windows Media Player Skin files over HTTP.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The update released on November 7, 2007 includes the following protections:
Microsoft Windows Media Player Skin Parsing Vulnerability (MS07-047) CPAI-2007-102
MIT Kerberos kadmind RPC Library Buffer Overflow Vulnerability (CPAI-2007-126)
Sun Microsystems JRE Memory Exception Vulnerability (CPAI-2007-127)
Microsoft Windows MFC Library Heap Overflow Vulnerability (CPAI-2007-128)
Protections against Recent Malware Threats (CPAI-2007-129)
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Content Protection.
2. Select the following:
Block Windows Media Player Skin Parsing Vulnerability (MS07-047)
3. In the configuration pane, under Settings > Mode, check Active.
4. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed Windows Media Player skin file (MS07-047)
VPN-1 NGX R61 & R60
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Block Windows Media Player Skin Parsing Vulnerability (MS07-047)
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed Windows Media Player skin file (MS07-047)
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Block Windows Media Player Skin Parsing Vulnerability (MS07-047)
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99918 will appear on the SmartView Tracker.
VPN-1 VSX NGX
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Block Windows Media Player Skin Parsing Vulnerability (MS07-047)
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99918 will appear on the SmartView Tracker.
InterSpect NGX
How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2. In the SmartDefense tree, click Application Intelligence > Content Protection.
3. Select the following protection:
Block Windows Media Player Skin Parsing Vulnerability (MS07-047)
4. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed Windows Media Player skin file (MS07-047)