Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Microsoft MJPEG Decoder Vulnerability (MS08-033)

Check Point Reference: CPAI-2008-099
Date Published:
Severity:
Last Updated:
Source: Microsoft Security Bulletin MS08-033
Industry Reference(s): CVE-2008-0011
Protection Provided by: IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Microsoft Windows 2000 SP4
Windows XP SP2
Windows XP SP3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Vista
Windows Vista SP1
Windows Vista x64 Edition
Windows Vista x64 Edition SP1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 (Itanium)
Vulnerability Description
A remote code execution vulnerability has been reported in the way that the Windows MJPEG Codec handles MJPEG streams in media files. MJPEG is a media file that contains a number of JPEG images that have been connected together to create a video stream. A remote attacker may exploit this vulnerability to take complete control of an affected system.
Update/Patch Available
Apply patches:
Microsoft Security Bulletin MS08-033
Vulnerability Details
The vulnerability is due to the way Windows performs error checking on MJPEG video streams embedded in ASF or AVI media files. A remote attacker might exploit this issue by convincing a victim to open a media file with a specially crafted MJPEG file embedded in it. Successful exploitation of this vulnerability may allow the attacker to execute arbitrary code on a target system.

Protection Overview
By enabling this protection, SmartDefense will detect and block malformed JPEG files.

In order for the protection to be activated, update your product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Application Intelligence > Badfiles, and select the JPEG GDI exploit protection group.
3. Click JPEG Parsing: image size overflow (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entry will be logged:

Alert Name: badfiles_jpeg
Description: jpeg_imagesize_overflow