Critical Vulnerability in Microsoft DirectPlay Can Allow Remote Code Execution
( Microsoft Security Bulletin MS12-082, CVE-2012-1537 )
A critical remote code execution vulnerability has been reported in the DirectPlay component of the Windows DirectX library. The Check Point IPS Software Blade provides immediate network protection against this issue.
DirectPlay is a high-level software interface between applications and communication services that allows users to connect games over the Internet, a modem link, or a network.
The vulnerability could allow remote code execution by an attacker on a targeted machine if the attacker convinces a user to view specially crafted web content that is designed to invoke Windows Media Player through Internet Explorer.
Please consult the Check Point Protection links in the table below to determine which versions of Windows are affected by each issue.
Check Point recommends applying the updates detailed in MS12-082 to vulnerable systems as soon as is practical. In the meantime, the Check Point IPS Software Blade provides immediate network protection against all of these issues in the latest IPS update by detecting and blocking the vulnerable ActiveX Control. The following table lists each CLSID Identifier with its associated Check Point protection.
|DirectPlay CLSID Identifier||Check Point Protection|
Last Updated: 12-Dec-2012