January 2007 SmartDefense Services Bulletin

SmartDefense Services Bulletin

January 2007

Greetings! This bulletin features Check Point SmartDefense Services highlights for the month of . Please feel free to email us if you have any comments or questions.

To sign-up to the mailing list, send an email to listserv@amadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body. If you'd like to unsubscribe from this bulletin, send an email to listserv@amadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" in the email body.

In This Bulletin

About SmartDefense Services
Advisories
Defense Updates

About SmartDefense Services

Check Point SmartDefense Services maintain the most current preemptive security for your Check Point security infrastructure. To help your defenses stay continuously ahead of today’s constantly evolving threat landscape, SmartDefense Services provide:

Preemptive, ongoing, and real-time updates to defenses and security policies
Ongoing new protocol and application defenses against emerging threats and attacks
Step-by-step instructions on how to activate and configure defenses against emerging threats and vulnerabilities – usually before exploits are created by hackers
Anti-virus updates and alerts for Check Point VPN-1 UTM
Anti-spyware updates for Check Point Integrity Anti-Spyware
Malicious applications database for automating network access and malware termination policies (Program Advisor Service for Integrity)

Advisories (Sorted by Severity, then Date)


CPAI-2006-323
	Date:
	Severity:
	Description:	Update Protection against Sun Directory Server LDAP Denial of Service
	Sources:	INSERT_VALUE
	Vulnerable Systems:	Sun Microsystems Java System Directory Server 5.2 SP4 and earlier Sun Microsystems Solaris 9

CPAI-2006-322
	Date:
	Severity:
	Description:	Update Protection against Citrix MetaFrame IMA Authentication Processing Buffer Overflow
	Sources:	Secunia Advisory: SA22802
	Vulnerable Systems:	Citrix Systems MetaFrame XP 1.0 Citrix Systems MetaFrame XP 2.0 Citrix Systems MetaFrame Presentation Server 3.0 Citrix Systems MetaFrame Presentation Server 4.0

CPAI-2006-321
	Date:
	Severity:
	Description:	Update Protection against CA Products Discovery Service Buffer Overflow
	Sources:	Secunia Advisory: SA22285
	Vulnerable Systems:	CA BrightStor ARCserve Backup 9.01 CA BrightStor ARCserve Backup 11.1 CA BrightStor ARCserve Backup 11.5 SP1 and below CA BrightStor ARCserve Backup for Windows 11 CA BrightStor Enterprise Backup 10.5 CA Business Protection Suite 2 CA Business Protection Suite for Microsoft Small Business Server Premium Edition 2 CA Business Protection Suite for Microsoft Small Business Server Standard Edition 2 CA Server Protection Suite 2

CPAI-2006-320
	Date:
	Severity:
	Description:	Update Protection against Mercury Mail Transport System Buffer Overflow
	Sources:	Secunia Advisory: SA18611
	Vulnerable Systems:	David Harris Mercury Mail Transport System 3.x David Harris Mercury Mail Transport System 4.01b and prior

CPAI-2006-318
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows CSRSS HardError Message Box (MS07-021)
	Sources:	Microsoft Scurity Bulletin MS07-021
	Vulnerable Systems:	Microsoft Windows 2000 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2003

CPAI-2006-313
	Date:
	Severity:
	Description:	Update Protection against Symantec Veritas NetBackup Server bpcd Long Request Buffer Overflow
	Sources:	Secunia Advisory: SA23368
	Vulnerable Systems:	Symantec VERITAS NetBackup 5.0 without MP7 Symantec VERITAS NetBackup 5.1 without MP6 Symantec VERITAS NetBackup 6.0 without MP4

CPAI-2006-312
	Date:
	Severity:
	Description:	Update Protection against Novell eDirectory evtFilteredMonitorEventsRequest Function Heap Overflow
	Sources:	Secunia Advisory: SA22506
	Vulnerable Systems:	Novell eDirectory 8.7.3.8 and priors Novell eDirectory 8.8.1 and priors

CPAI-2006-311
	Date:
	Severity:
	Description:	Update Protection against Novell eDirectory HTTP Server Redirection Buffer Overflow
	Sources:	Secunia Advisory: SA22519
	Vulnerable Systems:	Novell eDirectory 8.7.x, 8.7.3.8 and subsequent Novell eDirectory 8.8.x, 8.8.1 and priors

CPAI-2006-310
	Date:
	Severity:
	Description:	Update Protection against Oracle Database Server SDO_CS.TRANSFORM_LAYER Buffer Overflow
	Sources:	Secunia Advisory: SA22396
	Vulnerable Systems:	Oracle Database Server 8.1.7.4 and prior Oracle Database Server 9.0.1.5 and prior Oracle Database Server 9.2.0.7 and prior Oracle Database Server 10.1.0.4 and prior

CPAI-2006-306
	Date:
	Severity:
	Description:	Update Protection against CA Products Message Engine RPC Server Opcode 43 Buffer Overflow
	Sources:	Secunia Advisory: SA22285
	Vulnerable Systems:	CA BrightStor ARCserve Backup 9.01 CA BrightStor ARCserve Backup 11.1 CA BrightStor ARCserve Backup 11.5 SP1 and below CA BrightStor ARCserve Backup for Windows 11 CA BrightStor Enterprise Backup 10.5 CA Business Protection Suite 2 CA Business Protection Suite for Microsoft Small Business Server Premium Edition 2 CA Business Protection Suite for Microsoft Small Business Server Standard Edition 2 CA Server Protection Suite 2

CPAI-2006-302
	Date:
	Severity:
	Description:	Update Protection against McAfee Multiple Products HTTP Server Header Processing Buffer Overflow
	Sources:	Secunia Advisory: SA22222
	Vulnerable Systems:	McAfee ePolicy Orchestrator 3.x prior to 3.5 Patch 6 McAfee ProtectionPilot 1.1.x prior to Patch 3

CPAI-2006-287
	Date:
	Severity:
	Description:	Update Protection against CA BrightStor ARCserve Backup Tape Engine RPC ReserveGroup Buffer Overflow
	Sources:	Secunia Advisory: SA23060
	Vulnerable Systems:	CA BrightStor ARCserve Backup r11.5 Prior to SP2 CA BrightStor ARCserve Backup r11.1 CA BrightStor ARCserve Backup r11.0 CA BrightStor ARCserve Backup r10.5 CA BrightStor ARCserve Backup r9.01

CPAI-2006-286
	Date:
	Severity:
	Description:	Update Protection against CA BrightStor ARCserve Backup Tape Engine RPC GetGroupStatus Buffer Overflow
	Sources:	Secunia Advisory: SA23060
	Vulnerable Systems:	CA BrightStor ARCserve Backup r11.5 Prior to SP2 CA BrightStor ARCserve Backup r11.1 CA BrightStor ARCserve Backup r11.0 CA BrightStor ARCserve Backup r10.5 CA BrightStor ARCserve Backup r9.01

CPAI-2006-284
	Date:
	Severity:
	Description:	Update Protection against Novell ZENworks Asset Management Msg.dll Buffer Overflow
	Sources:	Secunia Advisory: SA23157
	Vulnerable Systems:	Novell ZENworks Asset Management 7.0 SP1

CPAI-2006-277
	Date:
	Severity:
	Description:	Update Protection against RealNetworks Helix Server DESCRIBE Request Buffer Overflow
	Sources:	Secunia Advisory: SA22944
	Vulnerable Systems:	RealNetworks Helix Server 11.1.2 and possibly priors

CPAI-2006-275
	Date:
	Severity:
	Description:	Update Protection against HP OpenView Client Configuration Manager Radia Notify Code Execution
	Sources:	Secunia Advisory: SA22780
	Vulnerable Systems:	HP OpenView Client Configuration Manager 1.0

CPAI-2006-270
	Date:
	Severity:
	Description:	Update Protection against Oracle Database Server MDSYS.SDO_LRS Package SQL Injection
	Sources:	Secunia Advisory: SA22396
	Vulnerable Systems:	Oracle Database Server 10.1.0.5 and prior Oracle Database Server 10.2.0.2 and prior Oracle Database Server 8.1.7.4 and prior Oracle Database Server 9.0.1.5 and prior Oracle Database Server 9.2.0.7 and prior

CPAI-2006-269
	Date:
	Severity:
	Description:	Update Protection against CA Products Message Engine RPC Server Opcode 45 Buffer Overflow
	Sources:	Secunia Advisory: SA22285
	Vulnerable Systems:	CA BrightStor ARCserve Backup v9.01 CA BrightStor ARCserve Backup r11.1 CA BrightStor ARCserve Backup r11.5 SP1 and below CA BrightStor ARCserve Backup for Windows r11 CA BrightStor Enterprise Backup 10.5 CA Business Protection Suite r2 CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2 CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 CA Server Protection Suite r2

CPAI-2006-251
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows RRAS Memory Corruption
	Sources:	Secunia Advisory: SA20630
	Vulnerable Systems:	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003

CPAI-2006-244
	Date:
	Severity:
	Description:	Update Protection against Symantec AntiVirus Real Time Virus Scan Service Stack Overflow
	Sources:	Secunia Advisory: SA20318
	Vulnerable Systems:	Symantec Antivirus Corporate Edition 10.0 (build 10.0.0.359 - 10.0.1.1000) Symantec Antivirus Corporate Edition 10.0 (build 10.0.1.1007) Symantec Antivirus Corporate Edition 10.0 (build 10.0.1.1008) Symantec Antivirus Corporate Edition 10.0 (build 10.0.2.2000) Symantec Antivirus Corporate Edition 10.0 (build 10.0.2.2001) Symantec Antivirus Corporate Edition 10.0 (build 10.0.2.2010) Symantec Antivirus Corporate Edition 10.0 (build 10.0.2.2020) Symantec Antivirus Corporate Edition 10.1 (build 10.1.0.394) Symantec Antivirus Corporate Edition 10.1 (build 10.1.0.400) Symantec Client Security 3.0 (build 3.0.0.359 - 3.0.1.1000) Symantec Client Security 3.0 (build 3.0.1.1007) Symantec Client Security 3.0 (build 3.0.1.1008) Symantec Client Security 3.0 (build 3.0.2.2000) Symantec Client Security 3.0 (build 3.0.2.2001) Symantec Client Security 3.0 (build 3.0.2.2010) Symantec Client Security 3.0 (build 3.0.2.2020) Symantec Client Security 3.1 (build 3.1.0.394) Symantec Client Security 3.1 (build 3.1.0.400)

CPAI-2006-239
	Date:
	Severity:
	Description:	Update Protection against Alt-N MDaemon POP3 Server USER and APOP Commands Buffer Overflow
	Sources:	Secunia Advisory: SA21595
	Vulnerable Systems:	Alt-N Technologies MDaemon 6.x Alt-N Technologies MDaemon 7.x Alt-N Technologies MDaemon 8.x Alt-N Technologies MDaemon 9.x prior to 9.06

CPAI-2006-221
	Date:
	Severity:
	Description:	Update Protection against Novell GroupWise Messenger Accept-Language Header Buffer Overflow
	Sources:	Secunia Advisory: SA19663
	Vulnerable Systems:	Novell GroupWise Messenger 2.0

CPAI-2006-216
	Date:
	Severity:
	Description:	Update Protection against McAfee WebShield SMTP Bounce Message Format String
	Sources:	Secunia Advisory: SA19491
	Vulnerable Systems:	McAfee WebShield 4.5 MR1a and prior

CPAI-2006-212
	Date:
	Severity:
	Description:	Update Protection against Symantec VERITAS NetBackup Volume Manager Buffer Overflow
	Sources:	Secunia Advisory: SA19417
	Vulnerable Systems:	Symantec VERITAS NetBackup 5.0 Symantec VERITAS NetBackup 5.1 Symantec VERITAS NetBackup 6.0 Symantec VERITAS NetBackup DataCenter and BusinesServer 4.5FP Symantec VERITAS NetBackup DataCenter and BusinesServer 4.5MP

CPAI-2006-209
	Date:
	Severity:
	Description:	Update Protection against Sendmail SMTP Timeout Buffer Overflow
	Sources:	Secunia Advisory: SA19342
	Vulnerable Systems:	Sendmail Consortium Sendmail prior to 8.13.6

CPAI-2006-196
	Date:
	Severity:
	Description:	Update Protection against Novell Distributed Print Services Integer Overflow
	Sources:	Secunia Advisory: SA20048
	Vulnerable Systems:	Novell Netware 6.5 Novell Client 4.91 and prior

CPAI-2006-192
	Date:
	Severity:
	Description:	Update Protection against MySQL COM_TABLE_DUMP Function Stack Overflow
	Sources:	Secunia Advisory: SA19929
	Vulnerable Systems:	MySQL AB MySQL 5.0.20 and prior

CPAI-2006-186
	Date:
	Severity:
	Description:	Update Protection against Oracle Database Server DBMS_EXPORT_EXTENSION Package Privilege Escalation
	Sources:	Secunia Advisory: SA19712
	Vulnerable Systems:	Oracle Database Server 8.1.7.4 - 10.2.0.2

CPAI-2006-178
	Date:
	Severity:
	Description:	Update Protection against Oracle Database Server XDB.DBMS_XMLSCHEMA Buffer Overflow
	Sources:	Secunia Advisory: SA18493
	Vulnerable Systems:	Oracle Database Server 10g Release 1 Oracle Database Server 9i Release 2

CPAI-2006-177
	Date:
	Severity:
	Description:	Update Protection against CA iTechnology iGateway Service Content-Length Buffer
	Sources:	Secunia Advisory: SA18591
	Vulnerable Systems:	CA BrightStor ARCserve Backup 9.01 CA BrightStor ARCserve Backup 10.5 CA BrightStor ARCserve Backup 11 CA BrightStor ARCserve Backup 11.1 CA BrightStor ARCserve Backup 11.5 CA BrightStor Enterprise Backup 10.5 CA BrightStor Portal 11.1 CA BrightStor Process Automation Manager 11.1 CA BrightStor SAN Manager 11.1 CA BrightStor SAN Manager 11.5 CA BrightStor Storage Resource Manager 6.3 CA BrightStor Storage Resource Manager 6.4 CA BrightStor Storage Resource Manager 11.1 CA BrightStor Storage Resource Manager 11.5 CA eTrust Admin 8.1 CA eTrust Audit 1.5 SP2 CA eTrust Audit 1.5 SP3 CA eTrust Audit 8.0 CA eTrust Directory 8.1 CA eTrust Identity Minder 8.0 CA eTrust Integrated Threat Management 8 CA eTrust Secure Content Manager 8 CA Unicenter Application Performance Monitor 11 CA Unicenter Application Server Management 11 CA Unicenter Asset Portfolio Management 11 CA Unicenter AutoSys JM 11 CA Unicenter CA Web Services Distributed Management 11 CA Unicenter Exchange Management 11 CA Unicenter Management For WebLogic and WebSphere 11 CA Unicenter MQ Management 11 CA Unicenter Service Catalog/Fulfillment/Accounting 11 CA Unicenter Service Delivery 11 CA Unicenter Service Desk 11 CA Unicenter Service Desk Knowledge Tools 11 CA Unicenter Service Fulfillment 2.2 CA Unicenter Service Fulfillment 11 CA Unicenter Service Level Management 11 CA Unicenter Service Matrix Analysis 11 CA Unicenter Web Server Management 11

CPAI-2006-173
	Date:
	Severity:
	Description:	Update Protection against Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow
	Sources:	Secunia Advisory: SA18484
	Vulnerable Systems:	Novell SUSE Linux Enterprise Server 9

CPAI-2006-172
	Date:
	Severity:
	Description:	Update Protection against Microsoft Exchange and Outlook TNEF Decoding Integer Overflow
	Sources:	Secunia Advisory: SA18368
	Vulnerable Systems:	Microsoft Exchange Server 5.0 Microsoft Exchange Server 5.5 Microsoft Exchange Server 2000 Microsoft Outlook 2000 Microsoft Outlook 2002 Microsoft Outlook 2003

CPAI-2006-156
	Date:
	Severity:
	Description:	Preemptive Protection against MailEnable POP3 Remote Code Execution Vulnerability
	Sources:	Secunia Advisory: SA23127
	Vulnerable Systems:	MailEnable Standard Edition version 1.98 and prior MailEnable Enterprise Edition version 2.35 and prior MailEnable Professional Edition version 2.35 and prior

CPAI-2006-153
	Date:
	Severity:
	Description:	Preemptive Protection against Easy File Sharing FTP Server 'PASS' Buffer Overflow Vulnerability
	Sources:	FrSIRT/ADV-2006-3068 Secunia Advisory: SA21289
	Vulnerable Systems:	Easy File Sharing FTP Server version 2.0 and prior

CPAI-2006-151
	Date:
	Severity:
	Description:	Preemptive Protection against Golden FTP USER Denial of Service Vulnerability
	Sources:	Secunia Advisory: SA23323
	Vulnerable Systems:	Golden FTP Server version 1.92

CPAI-2006-324
	Date:
	Severity:
	Description:	Update Protection against Linux Kernel SCTP Chunkless Packet Denial of Service Vulnerability
	Sources:	Secunia Advisory: SA20917
	Vulnerable Systems:	Linux Kernel Project Linux Kernel 2.6.x prior to 2.6.16.23 Linux Kernel Project Linux Kernel 2.6.17.x prior to 2.6.17.3

CPAI-2006-319
	Date:
	Severity:
	Description:	Update Protection against Novell NetMail IMAP APPEND Command Buffer Overflow
	Sources:	Secunia Advisory: SA23437
	Vulnerable Systems:	Novell NetMail 3.5.2 and possibly prior

CPAI-2006-317
	Date:
	Severity:
	Description:	Update Protection against Sun Java Runtime Environment Abstract Windowing Toolkit Memory Corruption
	Sources:	Secunia Advisory: SA23445
	Vulnerable Systems:	Sun Microsystems Java Runtime Environment 1.3.1_18 and prior Sun Microsystems Java Runtime Environment 1.4.2_12 and prior Sun Microsystems Java Runtime Environment 5.0 Update 7 and prior

CPAI-2006-316
	Date:
	Severity:
	Description:	Update Protection against Mozilla Products Frame Comment Objects Manipulation Memory Corruption
	Sources:	Secunia Advisory: SA23282
	Vulnerable Systems:	Mozilla Foundation Firefox 1.5.0.4 Mozilla Foundation Firefox 1.5.0.5 Mozilla Foundation Firefox 1.5.0.6 Mozilla Foundation Firefox 1.5.0.7 Mozilla Foundation Firefox 1.5.0.8 Mozilla Foundation Firefox 2 Mozilla Foundation SeaMonkey 1.0.6 and prior

CPAI-2006-315
	Date:
	Severity:
	Description:	Update Protection against MailEnable POP3 Service PASS Command Buffer Overflow
	Sources:	Secunia Advisory: SA23127
	Vulnerable Systems:	MailEnable MailEnable Enterprise Edition 1.1 - 1.41 MailEnable MailEnable Enterprise Edition 2.0 - 2.35 MailEnable MailEnable Professional Edition 1.1 - 1.84 MailEnable MailEnable Professional Edition 2.0 - 2.35 MailEnable MailEnable Standard Edition 1.98 and prior

CPAI-2006-309
	Date:
	Severity:
	Description:	Update Protection against Apache HTTP Server mod_tcl Module Format String
	Sources:	Secunia Advisory: SA22458
	Vulnerable Systems:	Apache Software Foundation mod_tcl Module Prior to 1.0.1

CPAI-2006-308
	Date:
	Severity:
	Description:	Update Protection against Microsoft PowerPoint Malformed Data Record Code Execution (MS06-058)
	Sources:	Microsoft Scurity Bulletin MS06-058
	Vulnerable Systems:	Microsoft PowerPoint 2000 Microsoft PowerPoint 2002 Microsoft PowerPoint 2004 for Mac Microsoft PowerPoint v. X for Mac

CPAI-2006-307
	Date:
	Severity:
	Description:	Update Protection against Microsoft Excel COLINFO Record Buffer Overflow (MS06-059)
	Sources:	Microsoft Scurity Bulletin MS06-059
	Vulnerable Systems:	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2004 for Mac Microsoft Excel v. X for Mac Microsoft Excel Viewer 2003

CPAI-2006-304
	Date:
	Severity:
	Description:	Update Protection against MailEnable SMTP NTLM Authentication Buffer Overflow
	Sources:	Secunia Advisory: SA22179
	Vulnerable Systems:	MailEnable MailEnable Enterprise 2.X MailEnable MailEnable Professional 2.X

CPAI-2006-301
	Date:
	Severity:
	Description:	Update Protection against Microsoft PowerPoint Malformed Record Code Execution (MS06-058)
	Sources:	Microsoft Scurity Bulletin MS06-058
	Vulnerable Systems:	Microsoft PowerPoint 2000 Microsoft PowerPoint 2002 Microsoft PowerPoint 2003 Microsoft PowerPoint 2004 for Mac Microsoft PowerPoint v. X for Mac

CPAI-2006-300
	Date:
	Severity:
	Description:	Update Protection against OpenSSH sshd Identical Blocks Denial of Service
	Sources:	Secunia Advisory: SA22091
	Vulnerable Systems:	OpenBSD Project OpenSSH 4.x and prior versions

CPAI-2006-299
	Date:
	Severity:
	Description:	Update Protection against Apple QuickTime Plug-In Security Bypass
	Sources:	Secunia Advisory: SA22048
	Vulnerable Systems:	Apple Computer QuickTime 7.x

CPAI-2006-298
	Date:
	Severity:
	Description:	Update Protection against GNU gzip LZH Decompression make_table Stack Modification
	Sources:	Secunia Advisory: SA21996
	Vulnerable Systems:	Free Software Foundation gzip 1.3.5 and priors

CPAI-2006-297
	Date:
	Severity:
	Description:	Update Protection against Ipswitch WS_FTP Server FTP Commands Buffer Overflow
	Sources:	Secunia Advisory: SA21932
	Vulnerable Systems:	Ipswitch WS_FTP Server 5.05

CPAI-2006-296
	Date:
	Severity:
	Description:	Update Protection against Mozilla Products Regular Expressions Heap Corruption
	Sources:	Secunia Advisory: SA21906
	Vulnerable Systems:	Mozilla Foundation Firefox Prior to 1.5.0.7 Mozilla Foundation SeaMonkey Prior to 1.0.5 Mozilla Foundation Thunderbird Prior to 1.5.0.7

CPAI-2006-295
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer daxctle.ocx KeyFrame Method Memory Corruption (MS06-067)
	Sources:	Microsoft Scurity Bulletin MS06-067
	Vulnerable Systems:	Microsoft Internet Explorer 5.x Microsoft Internet Explorer 6

CPAI-2006-294
	Date:
	Severity:
	Description:	Update Protection against Apple QuickTime FLIC Animation File Buffer Overflow
	Sources:	Secunia Advisory: SA21893
	Vulnerable Systems:	Apple Computer Quicktime prior to 7.1.3

CPAI-2006-293
	Date:
	Severity:
	Description:	Update Protection against Apple QuickTime H.264 Crafted Movie Buffer Overflow
	Sources:	Secunia Advisory: SA21893
	Vulnerable Systems:	Apple Computer Quicktime prior to 7.1.3

CPAI-2006-291
	Date:
	Severity:
	Description:	Update Protection against IBM DB2 Universal Database Connection Handshake Denial of Service
	Sources:	SecurityFocus Bugtraq ID: 19586
	Vulnerable Systems:	IBM DB2 Universal Database 8.0 IBM DB2 Universal Database 8.1 prior to FixPak 13 IBM DB2 Universal Database 8.2 prior to FixPak 6

CPAI-2006-290
	Date:
	Severity:
	Description:	Update Protection against Ipswitch IMail Server SMTP Service Buffer Overflow
	Sources:	Secunia Advisory: SA21795
	Vulnerable Systems:	Ipswitch IMail Server 2006 prior to 2006.04a Ipswitch IMail Server Plus 2006 prior to 2006.04a Ipswitch IMail Server Secure 2006 prior to 2006.04a

CPAI-2006-289
	Date:
	Severity:
	Description:	Update Protection against Microsoft Word Formatted Disk Pages Table Memory Corruption (MS07-014)
	Sources:	Microsoft Scurity Bulletin MS07-014
	Vulnerable Systems:	Microsoft Word 2000 Microsoft Word 2002 Microsoft Word 2003 Microsoft Word 2004 for Mac Microsoft Word Viewer 2003 Microsoft Works Suite 2004 Microsoft Works Suite 2005 Microsoft Works Suite 2006

CPAI-2006-288
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows RIS TFTP Service Writable Path Vulnerability (MS06-077)
	Sources:	Microsoft Security Bulletin MS06-077
	Vulnerable Systems:	Microsoft Windows 2000

CPAI-2006-285
	Date:
	Severity:
	Description:	Update Protection against Adobe Download Manager AOM File Section Name Buffer Overflow
	Sources:	Adobe Security Bulletin APSB06-19
	Vulnerable Systems:	Adobe Systems Download Manager 2.1

CPAI-2006-283
	Date:
	Severity:
	Description:	Update Protection against GNU Radius SQL Accounting Format String Vulnerability
	Sources:	Secunia Advisory: SA23087
	Vulnerable Systems:	Free Software Foundation GNU Radius 1.2 and prior Free Software Foundation GNU Radius 1.3

CPAI-2006-282
	Date:
	Severity:
	Description:	Update Protection against MailEnable IMAP Service Invalid Command Buffer Overflow
	Sources:	Secunia Advisory: SA23047
	Vulnerable Systems:	MailEnable MailEnable Enterprise 1.20 and prior MailEnable MailEnable Enterprise 2.32 and prior MailEnable MailEnable Professional 1.82 and prior MailEnable MailEnable Professional 2.32 and prior

CPAI-2006-281
	Date:
	Severity:
	Description:	Update Protection against CA BrightStor ARCserve Backup Tape Engine Service Buffer Overflow
	Sources:	Secunia Advisory: SA23060
	Vulnerable Systems:	CA BrightStor ARCserve Backup v11.5

CPAI-2006-280
	Date:
	Severity:
	Description:	Update Protection against Citrix Presentation Server IMA Invalid Event Data Length Denial of Service
	Sources:	Secunia Advisory: SA22802
	Vulnerable Systems:	Citrix Systems MetaFrame XP 1.0 Citrix Systems MetaFrame XP 2.0 Citrix Systems MetaFrame Presentation Server 3.0 Citrix Systems MetaFrame Presentation Server 4.0

CPAI-2006-279
	Date:
	Severity:
	Description:	Update Protection against Novell Client Print Provider Buffer Overflow
	Sources:	Secunia Advisory: SA23027
	Vulnerable Systems:	Novell Novell Client 4.91 and previous versions

CPAI-2006-278
	Date:
	Severity:
	Description:	Update Protection against Adobe AcroPDF ActiveX Control Memory Corruption
	Sources:	Adobe Security Bulletin APSA06-02
	Vulnerable Systems:	Adobe Acrobat Professional 7.0.0 - 7.0.8 Adobe Acrobat Reader 7.0.0 - 7.0.8 Adobe Acrobat Standard 7.0.0 - 7.0.8

CPAI-2006-274
	Date:
	Severity:
	Description:	Update Protection against America Online ICQ ActiveX Control DownloadAgent Function Code Execution
	Sources:	Secunia Advisory: SA22670
	Vulnerable Systems:	America Online ICQ 5.1

CPAI-2006-273
	Date:
	Severity:
	Description:	Update Protection against OpenLDAP LDAP Server BIND Request Denial of Service
	Sources:	Secunia Advisory: SA22750
	Vulnerable Systems:	OpenLDAP Foundation OpenLDAP 2.3.28 and prior

CPAI-2006-272
	Date:
	Severity:
	Description:	Update Protection against Novell iManager Tomcat HTTP POST Request Handling Denial of Service
	Sources:	Secunia Advisory: SA22657
	Vulnerable Systems:	Novell iManager 2.5 and prior

CPAI-2006-271
	Date:
	Severity:
	Description:	Update Protection against Nullsoft WinAmp Ultravox ultravox-max-msg Header Buffer Overflow
	Sources:	Secunia Advisory: SA22580
	Vulnerable Systems:	Nullsoft Winamp 5.3 and prior

CPAI-2006-268
	Date:
	Severity:
	Description:	Update Protection against Microsoft Office Malformed GIF File Processing Code Execution (MS06-039)
	Sources:	Microsoft Scurity Bulletin MS06-039
	Vulnerable Systems:	Microsoft Office 2000 Microsoft Office XP Microsoft Office 2003 Microsoft Project 2000 Microsoft Project 2002 Microsoft Project 2003 Microsoft OneNote 2003

CPAI-2006-267
	Date:
	Severity:
	Description:	Update Protection against Microsoft Excel Malformed FNGROUPCOUNT Value Code Execution (MS06-037)
	Sources:	Secunia Advisory: SA20686
	Vulnerable Systems:	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel v. X for Mac Microsoft Excel 2004 for Mac Microsoft Excel Viewer 2003

CPAI-2006-266
	Date:
	Severity:
	Description:	Update Protection against Microsoft Excel Malformed OBJECT Record Code Execution (MS06-037)
	Sources:	Secunia Advisory: SA20686
	Vulnerable Systems:	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2004 for Mac Microsoft Excel v. X for Mac Microsoft Excel Viewer 2003

CPAI-2006-265
	Date:
	Severity:
	Description:	Update Protection against Microsoft Excel Malformed SELECTION Record Code Execution (MS06-037)
	Sources:	Microsoft Scurity Bulletin MS06-037
	Vulnerable Systems:	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2004 for Mac Microsoft Excel v. X for Mac Microsoft Excel Viewer 2003

CPAI-2006-264
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows DHCP Client Service Buffer Overflow (MS06-036)
	Sources:	Secunia Advisory: SA21010
	Vulnerable Systems:	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003

CPAI-2006-263
	Date:
	Severity:
	Description:	Update Protection against Microsoft IIS Server Crafted ASP Page Buffer Overflow (MS06-034)
	Sources:	Microsoft Scurity Bulletin MS06-034
	Vulnerable Systems:	Microsoft Internet Information Services 5.0 Microsoft Internet Information Services 5.1 Microsoft Internet Information Services 6.0

CPAI-2006-262
	Date:
	Severity:
	Description:	Update Protection against Microsoft ASP.NET Application Folder Information Disclosure (MS06-033)
	Sources:	Microsoft Scurity Bulletin MS06-033
	Vulnerable Systems:	Microsoft .NET Framework 2.0

CPAI-2006-261
	Date:
	Severity:
	Description:	Update Protection against Microsoft Excel Asian Languages Style Handling Buffer Overflow (MS06-059)
	Sources:	Microsoft Scurity Bulletin MS06-059
	Vulnerable Systems:	Microsoft Excel 2000 Microsoft Excel XP Microsoft Excel 2003 Microsoft Excel Viewer 2003

CPAI-2006-260
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows Explorer Invalid URL File Parsing Stack Overflow
	Sources:	SecurityFocus Bugtraq ID: 18838
	Vulnerable Systems:	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003

CPAI-2006-259
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer HHCtrl.ocx Image Property Heap Corruption (MS06-046)
	Sources:	Secunia Advisory: SA20906
	Vulnerable Systems:	Microsoft Internet Explorer 6.0

CPAI-2006-258
	Date:
	Severity:
	Description:	Update Protection against Apple iTunes AAC File Handling Integer Overflow
	Sources:	Secunia Advisory: SA20891
	Vulnerable Systems:	Apple Computer iTunes prior to 6.0.5

CPAI-2006-257
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer Cross Domain Information Disclosure (MS06-042)
	Sources:	Microsoft Scurity Bulletin MS06-042
	Vulnerable Systems:	Microsoft Internet Explorer 5.01 SP4 Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 SP1

CPAI-2006-256
	Date:
	Severity:
	Description:	Update Protection against RealNetworks Helix Server RTSP Malformed HTTP Header Buffer Overflow
	Sources:	INSERT_VALUE
	Vulnerable Systems:	RealNetworks Helix DNA Server 10.0.x RealNetworks Helix DNA Server 11.0.x

CPAI-2006-255
	Date:
	Severity:
	Description:	Update Protection against Microsoft Excel Embedded Shockwave Flash Object Code Execution (MS06-069)
	Sources:	Microsoft Scurity Bulletin MS06-069
	Vulnerable Systems:	Microsoft Excel 97 Microsoft Excel 2000 Microsoft Excel XP Microsoft Excel 2003

CPAI-2006-254
	Date:
	Severity:
	Description:	Update Protection against Nullsoft Winamp Midi File Header Handling Buffer Overflow
	Sources:	Secunia Advisory: SA20722
	Vulnerable Systems:	Nullsoft Winamp 5.21 and below

CPAI-2006-253
	Date:
	Severity:
	Description:	Update Protection against Microsoft Excel Crafted URL Unicode Buffer Overflow Vulnerability (MS06-050)
	Sources:	Microsoft Security Bulletin MS06-050
	Vulnerable Systems:	Microsoft Excel 97 Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel Viewer 2003

CPAI-2006-252
	Date:
	Severity:
	Description:	Update Protection against Microsoft Exchange Server Outlook Web Access Script Injection (MS06-029)
	Sources:	Secunia Advisory: SA20634
	Vulnerable Systems:	Microsoft Exchange Server 2000 Microsoft Exchange Server 2003 Service Pack 1 Microsoft Exchange Server 2003 Service Pack 2

CPAI-2006-250
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer COM Object Instantiation Memory Corruption (MS06-021)
	Sources:	Secunia Advisory: SA20595
	Vulnerable Systems:	Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 6

CPAI-2006-249
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer HTML Decoding Memory Corruption
	Sources:	Secunia Advisory: SA20595
	Vulnerable Systems:	Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.01 Microsoft Outlook 2000 Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook Express 6

CPAI-2006-248
	Date:
	Severity:
	Description:	Update Protection against Mozilla Firefox DOMNodeRemoved Memory Corruption
	Sources:	Secunia Advisory: SA20376
	Vulnerable Systems:	Mozilla Foundation Firefox prior to 1.5.0.4 Mozilla Foundation SeaMonkey prior to 1.0.2 Mozilla Foundation Thunderbird prior to 1.5.0.4

CPAI-2006-246
	Date:
	Severity:
	Description:	Update Protection against Microsoft Internet Explorer MHTML URI Buffer Overflow
	Sources:	Secunia Advisory: SA20384
	Vulnerable Systems:	Microsoft Internet Explorer 6.0

CPAI-2006-243
	Date:
	Severity:
	Description:	Update Protection against Linux Kernel SNMP NAT Netfilter Memory Corruption
	Sources:	Secunia Advisory: SA20225
	Vulnerable Systems:	Linux Kernel Project Kernel 2.6.16.17 and earlier

CPAI-2006-242
	Date:
	Severity:
	Description:	Update Protection against TikiWiki jhot.php Script File Upload Security Bypass
	Sources:	Secunia Advisory: SA21733
	Vulnerable Systems:	TikiWiki TikiWiki 1.9.4 and prior

CPAI-2006-241
	Date:
	Severity:
	Description:	Update Protection against MySQL MaxDB WebDBM Server Buffer Overflow
	Sources:	Secunia Advisory: SA21677
	Vulnerable Systems:	MySQL AB MaxDB Webtool prior to 7.6.00.30

CPAI-2006-240
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer Long URL Buffer Overflow
	Sources:	Microsoft Scurity Bulletin 923762
	Vulnerable Systems:	Microsoft Internet Explorer 6.0 Service Pack 1

CPAI-2006-238
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer COM Object Instantiation Memory Corruption
	Sources:	INSERT_VALUE
	Vulnerable Systems:	Microsoft Windows 2000

CPAI-2006-237
	Date:
	Severity:
	Description:	Update Protection against IBM eGatherer ActiveX RunEgatherer Function Buffer Overflow
	Sources:	Secunia Advisory: SA21528
	Vulnerable Systems:	IBM Access Support 2.x IBM Access Support 3.x

CPAI-2006-236
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows Help HLP File Processing Memory Corruption
	Sources:	SecurityFocus Bugtraq ID: 19490
	Vulnerable Systems:	Microsoft Windows 98 Microsoft Windows 98 Second Edition Microsoft Windows Millennium Edition Microsoft Windows NT 4.0 Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003

CPAI-2006-235
	Date:
	Severity:
	Description:	Update Protection against ClamAV UPX File Handling Heap Overflow
	Sources:	Secunia Advisory: SA21374
	Vulnerable Systems:	ClamAV Project ClamAV 0.81 ClamAV Project ClamAV 0.82 ClamAV Project ClamAV 0.83 ClamAV Project ClamAV 0.84 ClamAV Project ClamAV 0.85 ClamAV Project ClamAV 0.86 ClamAV Project ClamAV 0.87 ClamAV Project ClamAV 0.88.3 and prior

CPAI-2006-234
	Date:
	Severity:
	Description:	Update Protection against Microsoft Visual Basic Document Properties Buffer Overrun (MS06-047)
	Sources:	Microsoft Scurity Bulletin MS06-047
	Vulnerable Systems:	Microsoft Access 2000 Runtime Service Pack 3 Microsoft Office 2000 Service Pack 3 Microsoft Office XP Service Pack 3 Microsoft Project 2000 Service Release 1 Microsoft Project 2002 Service Pack 1 Microsoft Visio 2002 Service Pack 2 Microsoft Visual Basic for Applications SDK 6.0 Microsoft Visual Basic for Applications SDK 6.2 Microsoft Visual Basic for Applications SDK 6.3 Microsoft Visual Basic for Applications SDK 6.4 Microsoft Works Suite 2004 Microsoft Works Suite 2005 Microsoft Works Suite 2006

CPAI-2006-233
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer DirectAnimation COM Object Memory Corruption (MS06-042)
	Sources:	Microsoft Scurity Bulletin MS06-042
	Vulnerable Systems:	Microsoft Internet Explorer 5 Microsoft Internet Explorer 6

CPAI-2006-232
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows DNS Client Buffer Overrun
	Sources:	Secunia Advisory: SA21394
	Vulnerable Systems:	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003

CPAI-2006-231
	Date:
	Severity:
	Description:	Update Protection against GnuPG Message Packet Length Handling Integer Overflow
	Sources:	Secunia Advisory: SA21297
	Vulnerable Systems:	Free Software Foundation GnuPG 1.4.4 and prior

CPAI-2006-230
	Date:
	Severity:
	Description:	Update Protection against McAfee Subscription Manager ActiveX Stack Buffer Overflow
	Sources:	Secunia Advisory: SA21264
	Vulnerable Systems:	McAfee AntiSpyware 1.x McAfee AntiSpyware 2.x McAfee Internet Security Suite 6.x McAfee Internet Security Suite 7.x McAfee Internet Security Suite 8.x McAfee Personal Firewall Plus 5.x McAfee Personal Firewall Plus 6.x McAfee Personal Firewall Plus 7.x McAfee Privacy Service 6.x McAfee Privacy Service 7.x McAfee Privacy Service 8.x McAfee QuickClean 4.x McAfee QuickClean 5.x McAfee QuickClean 6.x McAfee SpamKiller 5.x McAfee SpamKiller 6.x McAfee SpamKiller 7.x McAfee VirusScan 10.x McAfee VirusScan 8.x McAfee VirusScan 9.x McAfee Wireless Home Network Security 1.x

CPAI-2006-229
	Date:
	Severity:
	Description:	Update Protection against Apache Server mod_rewrite Module LDAP Scheme Handling Buffer Overflow
	Sources:	Secunia Advisory: SA21197
	Vulnerable Systems:	Apache Software Foundation HTTP Server 2.2.0 to 2.2.2 Apache Software Foundation HTTP Server 2.0.46 to 2.0.58 Apache Software Foundation HTTP Server 1.3.28 to 1.3.36

CPAI-2006-228
	Date:
	Severity:
	Description:	Update Protection against Oracle Database dbms_assert Filter Bypass
	Sources:	SecurityFocus Bugtraq ID: 19203
	Vulnerable Systems:	Oracle Database Server 8i Oracle Database Server 9i Oracle Database Server 10g

CPAI-2006-227
	Date:
	Severity:
	Description:	Update Protection against Mozilla Browsers JavaScript Navigator Object Memory Corruption
	Sources:	Secunia Advisory: SA19873
	Vulnerable Systems:	Mozilla Foundation Firefox 1.5.0 Mozilla Foundation Firefox 1.5.0.1 Mozilla Foundation Firefox 1.5.0.2 Mozilla Foundation Firefox 1.5.0.3 Mozilla Foundation Firefox 1.5.0.4 Mozilla Foundation SeaMonkey 1.0 Mozilla Foundation SeaMonkey 1.0.1 Mozilla Foundation SeaMonkey 1.0.2

CPAI-2006-225
	Date:
	Severity:
	Description:	Update Protection against MySQL Server DATE_FORMAT Function Format String
	Sources:	Secunia Advisory: SA19929
	Vulnerable Systems:	MySQL AB MySQL 4.1.20 and prior MySQL AB MySQL 5.0.20 and prior MySQL AB MySQL 5.1.8 and prior

CPAI-2006-224
	Date:
	Severity:
	Description:	Update Protection against Oracle Database SYS.KUPW-WORKER Package MAIN Procedure SQL Injection
	Sources:	Secunia Advisory: SA21111
	Vulnerable Systems:	Oracle Database Server 10g 10.1.0.5 and priors

CPAI-2006-223
	Date:
	Severity:
	Description:	Update Protection against Microsoft PowerPoint PPT File Parsing Memory Corruption
	Sources:	Secunia Advisory: SA21061
	Vulnerable Systems:	Microsoft PowerPoint 2000 Microsoft PowerPoint 2002 Microsoft PowerPoint 2003

CPAI-2006-220
	Date:
	Severity:
	Description:	Update Protection against Microsoft Outlook Express Windows Address Book File Overflow (MS06-016)
	Sources:	Secunia Advisory: SA19617
	Vulnerable Systems:	Microsoft Outlook Express 5.5 Microsoft Outlook Express 6

CPAI-2006-219
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer HTML Tag Memory Corruption (MS06-013)
	Sources:	Secunia Advisory: SA18957
	Vulnerable Systems:	Microsoft Internet Explorer 6.0

CPAI-2006-218
	Date:
	Severity:
	Description:	Update Protection against Oracle Database Server Crafted View Privilege Escalation
	Sources:	SecurityFocus Bugtraq ID: 17426
	Vulnerable Systems:	Oracle Database Server 9.2.0.0 to 10.2.0.3

CPAI-2006-217
	Date:
	Severity:
	Description:	Update Protection against ClamAV Output Log Handling Format String
	Sources:	Secunia Advisory: SA19534
	Vulnerable Systems:	ClamAV Project ClamAV 0.88 and prior

CPAI-2006-215
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer Plugin Loading Address Bar Spoofing (MS06-021)
	Sources:	Secunia Advisory: SA19521
	Vulnerable Systems:	Microsoft Internet Explorer 5.0 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6

CPAI-2006-214
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows Help File Heap Buffer Overflow
	Sources:	SecurityFocus Bugtraq ID: 17325
	Vulnerable Systems:	Microsoft Windows 98 Microsoft Windows 98 Second Edition Microsoft Windows Millennium Edition Microsoft Windows NT 4.0 Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003

CPAI-2006-213
	Date:
	Severity:
	Description:	Update Protection against Symantec VERITAS NetBackup vnetd Buffer Overflow
	Sources:	Secunia Advisory: SA19417
	Vulnerable Systems:	Symantec VERITAS NetBackup 6.0

CPAI-2006-211
	Date:
	Severity:
	Description:	Update Protection against RealNetworks RealPlayer SWF Flash File Buffer Overflow
	Sources:	Secunia Advisory: SA19358
	Vulnerable Systems:	RealNetworks Rhapsody Player 3 (build 0.815 - 1.0.269) RealNetworks RealPlayer 8 RealNetworks RealPlayer 10 RealNetworks RealPlayer 10.5, build 6.0.12.1348 and below RealNetworks RealPlayer Enterprise RealNetworks RealOne Player v1 RealNetworks RealOne Player v2

CPAI-2006-210
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer createTextRange Remote Code Execution Vulnerability (MS06-013)
	Sources:	Microsoft Security Bulletin MS06-013
	Vulnerable Systems:	Microsoft Internet Explorer 5.0 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0

CPAI-2006-208
	Date:
	Severity:
	Description:	Update Protection against UltraVNC VNCLog Buffer Overflow
	Sources:	Secunia Advisory: SA19513
	Vulnerable Systems:	UltraVNC Project UltraVNC 1.0.1 and below

CPAI-2006-207
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer Script Action Handler Buffer Overflow
	Sources:	SecurityFocus Bugtraq ID: 17131
	Vulnerable Systems:	Microsoft Internet Explorer 5.x Microsoft Internet Explorer 6.0 Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook Express 5.x Microsoft Outlook Express 6.x

CPAI-2006-206
	Date:
	Severity:
	Description:	Update Protection against Microsoft Office Malformed Routing Slip Code Execution
	Sources:	Secunia Advisory: SA19138
	Vulnerable Systems:	Microsoft Word 2000 Microsoft Word 2002 Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Outlook 2000 Microsoft Outlook 2002 Microsoft PowerPoint 2000 Microsoft PowerPoint 2002

CPAI-2006-205
	Date:
	Severity:
	Description:	Update Protection against Microsoft Excel Malformed Record Code Execution (MS06-012)
	Sources:	Secunia Advisory: SA19138
	Vulnerable Systems:	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel X for Mac Microsoft Excel 2003 Microsoft Excel 2004 for Mac Microsoft Excel Viewer 2003

CPAI-2006-204
	Date:
	Severity:
	Description:	Update Protection against Microsoft Excel Malformed Graphic Code Execution (MS06-012)
	Sources:	Secunia Advisory: SA19138
	Vulnerable Systems:	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel X for Mac Microsoft Excel 2003 Microsoft Excel 2004 for Mac Microsoft Excel Viewer 2003

CPAI-2006-203
	Date:
	Severity:
	Description:	Update Protection against Microsoft Excel Malformed File Format Parsing Code Execution (MS06-012)
	Sources:	Secunia Advisory: SA19138
	Vulnerable Systems:	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel X for Mac Microsoft Excel 2003 Microsoft Excel 2004 for Mac Microsoft Excel Viewer 2003

CPAI-2006-201
	Date:
	Severity:
	Description:	Update Protection against Microsoft Word Smart Tags Code Execution (MS06-027)
	Sources:	Microsoft Scurity Bulletin MS06-027
	Vulnerable Systems:	Microsoft Word 2000 Microsoft Word 2002 Microsoft Word 2003 Microsoft Word Viewer 2003

CPAI-2006-200
	Date:
	Severity:
	Description:	Update Protection against Apple QuickTime BMP File Handling Heap Overflow
	Sources:	Secunia Advisory: SA20069
	Vulnerable Systems:	Apple QuickTime prior to 7.1

CPAI-2006-199
	Date:
	Severity:
	Description:	Update Protection against Apple QuickTime udta Atom Buffer Overflow
	Sources:	Secunia Advisory: SA20069
	Vulnerable Systems:	Apple Quicktime prior to 7.1

CPAI-2006-198
	Date:
	Severity:
	Description:	Update Protection against Apple QuickTime FPX File Handling Integer Overflow
	Sources:	Secunia Advisory: SA20069
	Vulnerable Systems:	Apple Quicktime prior to 7.1

CPAI-2006-197
	Date:
	Severity:
	Description:	Update Protection against EMC Retrospect Client Crafted Packet Buffer Overflow
	Sources:	SecurityFocus Bugtraq ID: 17948
	Vulnerable Systems:	EMC Retrospect Client for Windows 7.5.x prior 7.5.116 EMC Retrospect Client for Windows 7.0.x prior 7.5.112 EMC Retrospect Client for Windows 6.5.x prior 7.5.140 EMC Retrospect Client for Macintosh 6.1.x prior 6.1.130 EMC Retrospect Client for Macintosh 5.1.x prior 5.1.180 EMC Retrospect Client for Linux 7.5 EMC Retrospect Client for Linux 7.0 EMC Retrospect Client for Linux 6.5 EMC Retrospect Client for Solaris 7.5 EMC Retrospect Client for Solaris 7.0 EMC Retrospect Client for Solaris 6.5 EMC Retrospect Client for NetWare 1.0

CPAI-2006-195
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows itss.dll CHM File Handling Heap Corruption
	Sources:	Secunia Advisory: SA20061
	Vulnerable Systems:	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003

CPAI-2006-194
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows MSDTC Denial of Service
	Sources:	Secunia Advisory: SA20000
	Vulnerable Systems:	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003

CPAI-2006-193
	Date:
	Severity:
	Description:	Update Protection against Sophos Anti-Virus CAB File Invalid Folder Count Heap Overflow
	Sources:	Secunia Advisory: SA20028
	Vulnerable Systems:	Sophos Anti-Virus Windows v5, prior to 5.2.1 Sophos Anti-Virus Windows v4.5, prior to 4.5.12 Sophos Anti-Virus Windows v4.0, prior to 4.05 Sophos Anti-Virus Mac OS X v 4.7, prior to 4.7.2 Sophos Anti-Virus Mac OS 8/9, prior to 4.05 Sophos Anti-Virus Unix/Linux, prior to 4.05 Sophos Anti-Virus Netware, prior to 4.05 Sophos Anti-Virus OS/2, prior to 4.05 Sophos Anti-Virus OpenVMS, prior to 4.05 Sophos Anti-Virus DOS/Windows 3.1x, prior to 4.05 Sophos Gateway Products PureMessage for Windows/Exchange, prior to 5.2.1 Sophos Gateway Products PureMessage for Unix, prior to 4.05 Sophos Gateway Products MailMonitor for SMTP - Windows, prior to 4.05 Sophos Gateway Products MailMonitor for Notes/Domino, prior to 4.05 Sophos Gateway Products MailMonitor for Exchange, prior to 4.05 Sophos Small Business Solutions all editions, prior to 4.05

CPAI-2006-191
	Date:
	Severity:
	Description:	Update Protection against MySQL Login Handshake Information Disclosure
	Sources:	Secunia Advisory: SA19929
	Vulnerable Systems:	MySQL AB MySQL 4.0.x, prior to 4.0.27 MySQL AB MySQL 4.1.x, prior to 4.1.19 MySQL AB MySQL 5.0.x, prior to 5.0.21

CPAI-2006-189
	Date:
	Severity:
	Description:	Update Protection against Mozilla Firefox JavaScript Function focus Buffer Overflow
	Sources:	Secunia Advisory: SA19802
	Vulnerable Systems:	Mozilla Foundation Firefox 1.5.0.2 and prior Mozilla Foundation SeaMonkey 1.0.1 and prior

CPAI-2006-188
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer Nested Object Tag Handling Memory Corruption (MS06-021)
	Sources:	Secunia Advisory: SA19762
	Vulnerable Systems:	Microsoft Internet Explorer 5.0 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0

CPAI-2006-187
	Date:
	Severity:
	Description:	Update Protection against Symantec Scan Engine Authentication Bypass
	Sources:	Secunia Advisory: SA19734
	Vulnerable Systems:	Symantec Scan Engine prior to 5.1.0.7 Symantec Scan Engine for Bluecoat Symantec Scan Engine for Caching Symantec Scan Engine for Clearswift Symantec Scan Engine for ISA Symantec Scan Engine for Messaging Symantec Scan Engine for Microsoft Symantec Scan Engine for Netapp Filer Symantec Scan Engine for Netapp NetCache Symantec Scan Engine for Network Attached Storage

CPAI-2006-184
	Date:
	Severity:
	Description:	Update Protection against Mozilla Products Graphics and XML Features Integer Overflows
	Sources:	Secunia Advisory: SA18700
	Vulnerable Systems:	Mozilla Foundation Firefox 1.6a1 Mozilla Foundation Mozilla Suite 1.7.13 Mozilla Foundation Mozilla Suite 1.7.14

CPAI-2006-183
	Date:
	Severity:
	Description:	Update Protection against Mozilla Products QueryInterface Method Memory Corruption
	Sources:	Secunia Advisory: SA18700
	Vulnerable Systems:	Mozilla Foundation Firefox 1.5.x prior to 1.5.0.1 Mozilla Foundation Thunderbird 1.5

CPAI-2006-182
	Date:
	Severity:
	Description:	Update Protection against Mozilla Browsers CSS moz-binding Cross Domain Scripting
	Sources:	SecurityFocus Bugtraq ID: 16427
	Vulnerable Systems:	Mozilla Foundation Firefox 1.5.0.1 and prior Mozilla Foundation Mozilla Suite 1.7.12 and prior

CPAI-2006-181
	Date:
	Severity:
	Description:	Update Protection against Apache HTTP Server auth_ldap Logging Function Format String
	Sources:	Secunia Advisory: SA18382
	Vulnerable Systems:	rudedog.org auth_ldap Prior to 1.6.1

CPAI-2006-180
	Date:
	Severity:
	Description:	Update Protection against Mozilla Firefox Tag Order Memory Corruption
	Sources:	Secunia Advisory: SA19631
	Vulnerable Systems:	Mozilla Foundation Firefox 1.0.7 and prior Mozilla Foundation Thunderbird 1.0.7 and prior Mozilla Foundation Mozilla Suite 1.7.12 and prior

CPAI-2006-179
	Date:
	Severity:
	Description:	Update Protection against Nullsoft Winamp Player Playlists Name Handling Buffer Overflow
	Sources:	Secunia Advisory: SA18649
	Vulnerable Systems:	Nullsoft Winamp 5.11 Nullsoft Winamp 5.111 Nullsoft Winamp 5.112 Nullsoft Winamp 5.12

CPAI-2006-176
	Date:
	Severity:
	Description:	Update Protection against Oracle Database Server SYS.DBMS_METADATA_UTIL Package SQL Injection
	Sources:	Secunia Advisory: SA18493
	Vulnerable Systems:	Oracle Database Server 10g Release 1 Oracle Database Server 9i Release 2

CPAI-2006-175
	Date:
	Severity:
	Description:	Update Protection against Oracle Database Server SQL Injection In Package SYS.KUPV
	Sources:	Secunia Advisory: SA18493
	Vulnerable Systems:	Oracle Database Server 10g Release 1

CPAI-2006-174
	Date:
	Severity:
	Description:	Update Protection against Oracle Application Server Reports desname Arbitrary File Overwriting
	Sources:	Secunia Advisory: SA16092
	Vulnerable Systems:	Oracle Application Server 10g Oracle Application Server 8i and prior Oracle Application Server 9i Oracle Developer Suite 10g Oracle Developer Suite 8i and prior Oracle Developer Suite 9i

CPAI-2006-171
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows GRE WMF Handling Memory Read Exception (MS06-001)
	Sources:	SecurityFocus Bugtraq ID: 16167
	Vulnerable Systems:	Microsoft Windows 98 Microsoft Windows 2000 Microsoft Windows 98 Second Edition Microsoft Windows Millennium Edition Microsoft Windows Server 2003 Microsoft Windows XP

CPAI-2006-170
	Date:
	Severity:
	Description:	Update Protection against RIM BlackBerry Enterprise Server Router Component Denial of Service
	Sources:	Secunia Advisory: SA18277
	Vulnerable Systems:	Research In Motion BlackBerry Enterprise Server for IBM Lotus Domino 4.x Research In Motion BlackBerry Enterprise Server for Microsoft Exchange 4.x Research In Motion BlackBerry Enterprise Server for Novell GroupWise 4.x

CPAI-2006-169
	Date:
	Severity:
	Description:	Update Protection against VMware Multiple Products NAT Service Buffer Overflow
	Sources:	Secunia Advisory: SA18162
	Vulnerable Systems:	VMware Assured Computing Environment 1.0.1 and earlier VMware GSX Server 3.2 and earlier VMware Player 1.0 VMware Workstation 5.5 and earlier

CPAI-2006-167
	Date:
	Severity:
	Description:	Update Protection against Microsoft Excel Malformed Range Code Execution (MS06-012)
	Sources:	Secunia Advisory: SA19138
	Vulnerable Systems:	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel X for Mac Microsoft Excel 2003 Microsoft Excel 2004 for Mac Microsoft Excel Viewer 2003

CPAI-2006-166
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer IsComponentInstalled Buffer Overflow
	Sources:	SecurityFocus Bugtraq ID: 16870
	Vulnerable Systems:	Microsoft Internet Explorer 5.01 up to and including SP3 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0

CPAI-2006-164
	Date:
	Severity:
	Description:	Update Protection against EMC Dantz Retrospect Backup Agent Denial of Service
	Sources:	Secunia Advisory: SA19097
	Vulnerable Systems:	EMC Retrospect Client 6.5 prior to 6.5.138 EMC Retrospect Client 7.0 prior to 7.0.109

CPAI-2006-160
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer Script Engine Stack Exhaustion
	Sources:	SecurityFocus Bugtraq ID: 16687
	Vulnerable Systems:	Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 SP2

CPAI-2006-159
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows Media Player Plug-in Buffer Overflow
	Sources:	Secunia Advisory: SA18852
	Vulnerable Systems:	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003

CPAI-2006-158
	Date:
	Severity:
	Description:	Update Protection against IBM Lotus Notes HTML Speed Reader Long URL Buffer Overflow
	Sources:	Secunia Advisory: SA16280
	Vulnerable Systems:	IBM Lotus Notes 6.x prior to 6.5.5 IBM Lotus Notes 7.x prior to 7.0.1

CPAI-2006-157
	Date:
	Severity:
	Description:	Update Protection against IBM Lotus Notes Attachment Viewer UUE File Handling Buffer Overflow
	Sources:	Secunia Advisory: SA16280
	Vulnerable Systems:	IBM Lotus Notes 6.x prior to 6.5.5 IBM Lotus Notes 7.x prior to 7.0.1

CPAI-2006-152
	Date:
	Severity:
	Description:	Preemptive Protection against OpenLDAP Remote Buffer Overflow Vulnerability
	Sources:	Secunia Advisory: SA23334
	Vulnerable Systems:	OpenLDAP version 2.3.30 and prior

CPAI-2006-150
	Date:
	Severity:
	Description:	Preemptive Protection against MailEnable IMAP Service Remote Code Execution Vulnerability
	Sources:	Secunia Research: 20061211
	Vulnerable Systems:	MailEnable Enterprise Edition versions 1.1 through 1.41 MailEnable Enterprise Edition versions 2.0 through 2.35 MailEnable Professional Edition versions 1.6 through 1.84 MailEnable Professional Edition versions 2.0 through 2.35

CPAI-2006-147
	Date:
	Severity:
	Description:	Block Windows Address Book Contact Record Vulnerability (MS06-076)
	Sources:	Microsoft Security Bulletin MS06-076
	Vulnerable Systems:	Microsoft Outlook Express 5.5 SP2 on Windows 2000 SP4 Microsoft Outlook Express 6 SP1 on Windows 2000 SP4 Microsoft Outlook Express 6 on Windows XP SP2 Microsoft Outlook Express 6 on Windows XP Professional x64 Edition Microsoft Outlook Express 6 on Windows Server 2003 Microsoft Outlook Express 6 on Windows Server 2003 SP1 Microsoft Outlook Express 6 on Windows Server 2003 x64 Edition Microsoft Outlook Express 6 on Windows Server 2003 (Itanium) Microsoft Outlook Express 6 on Windows Server 2003 SP1 (Itanium)

CPAI-2006-325
	Date:
	Severity:
	Description:	Update Protection against ImageMagick SGI File Handling Buffer Overflow
	Sources:	Secunia Advisory: SA21462
	Vulnerable Systems:	ImageMagick Studio ImageMagick 6.2.8 and prior

CPAI-2006-314
	Date:
	Severity:
	Description:	Update Protection against Yahoo Messenger YMailAttach ActiveX Control Buffer Overflow
	Sources:	Secunia Advisory: SA23401
	Vulnerable Systems:	Yahoo! Messenger 5.x Yahoo! Messenger 6.x Yahoo! Messenger 7.x Yahoo! Messenger 8.x prior to 8.1.0.209

CPAI-2006-305
	Date:
	Severity:
	Description:	Update Protection against Novell GroupWise Messenger HTTP POST Request Invalid Memory Access
	Sources:	Secunia Advisory: SA22244
	Vulnerable Systems:	Novell GroupWise Messenger 1.0 prior to 1.0.6 HP1 Novell GroupWise Messenger 2.0 prior to 2.0.2 HP1

CPAI-2006-303
	Date:
	Severity:
	Description:	Update Protection against Trend Micro OfficeScan Atxconsole ActiveX Control Format String
	Sources:	Secunia Advisory: SA22224
	Vulnerable Systems:	Trend Micro OfficeScan Corporate Edition 7.3

CPAI-2006-292
	Date:
	Severity:
	Description:	Update Protection against Microsoft Publisher PUB File Processing Memory Corruption (MS06-054)
	Sources:	Microsoft Scurity Bulletin MS06-054
	Vulnerable Systems:	Microsoft Publisher 2000 Microsoft Publisher 2002 Microsoft Publisher 2003

CPAI-2006-276
	Date:
	Severity:
	Description:	Update Protection against ProFTPD SReplace Function Buffer Overflow
	Sources:	Secunia Advisory: SA22803
	Vulnerable Systems:	ProFTPD Project ProFTPD prior to 1.3.0a

CPAI-2006-247
	Date:
	Severity:
	Description:	Update Protection against SpamAssassin Spamd Configurable Options Code Execution
	Sources:	Secunia Advisory: SA20430
	Vulnerable Systems:	Apache Software Foundation SpamAssassin 3.0.x prior to 3.0.6 Apache Software Foundation SpamAssassin 3.1.x prior to 3.1.3

CPAI-2006-245
	Date:
	Severity:
	Description:	Update Protection against F-Secure Products Web Console Buffer Overflow
	Sources:	Secunia Advisory: SA20407
	Vulnerable Systems:	F-Secure Anti-Virus for Microsoft Exchange 6.40 F-Secure Internet Gatekeeper 6.40 F-Secure Internet Gatekeeper 6.41 F-Secure Internet Gatekeeper 6.42 F-Secure Internet Gatekeeper 6.50

CPAI-2006-222
	Date:
	Severity:
	Description:	Update Protection against Mozilla Firefox CSS letter-spacing Heap Overflow
	Sources:	Secunia Advisory: SA19631
	Vulnerable Systems:	Mozilla Foundation Firefox 1.0.x prior to 1.0.8 Mozilla Foundation Firefox 1.5.x prior to 1.5.0.2 Mozilla Foundation Mozilla prior to 1.7.13 Mozilla Foundation SeaMonkey prior to 1.0.1 Mozilla Foundation Thunderbird 1.0.x prior to 1.0.8 Mozilla Foundation Thunderbird 1.5.x prior to 1.5.0.2

CPAI-2006-202
	Date:
	Severity:
	Description:	Update Protection against MediaWiki Parser Script Insertion
	Sources:	Secunia Advisory: SA20189
	Vulnerable Systems:	Wikimedia Foundation MediaWiki 1.6.0 Wikimedia Foundation MediaWiki 1.6.1 Wikimedia Foundation MediaWiki 1.6.2 Wikimedia Foundation MediaWiki 1.6.3 Wikimedia Foundation MediaWiki 1.6.4 Wikimedia Foundation MediaWiki 1.6.5

CPAI-2006-190
	Date:
	Severity:
	Description:	Update Protection against LibTIFF TIFFFetchData Function Integer Overflow
	Sources:	Secunia Advisory: SA19838
	Vulnerable Systems:	Sam Leffler LibTIFF 3.8.0 and prior

CPAI-2006-185
	Date:
	Severity:
	Description:	Update Protection against Internet Explorer WMF Image Parsing Memory Corruption
	Sources:	Secunia Advisory: SA18729
	Vulnerable Systems:	Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5

CPAI-2006-168
	Date:
	Severity:
	Description:	Update Protection against McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite
	Sources:	Secunia Advisory: SA18169
	Vulnerable Systems:	McAfee Personal Firewall Plus 7.0 and prior McAfee Privacy Service 8.0 McAfee SpamKiller 6.0 and prior McAfee VirusScan 4.0 McAfee VirusScan 4.0.3 McAfee VirusScan 4.5 McAfee VirusScan 4.5.1 McAfee VirusScan 5.0 McAfee VirusScan 6.0 McAfee VirusScan 7.0 McAfee VirusScan 7.1 McAfee VirusScan 8.0 McAfee VirusScan 9.0

CPAI-2006-165
	Date:
	Severity:
	Description:	Update Protection against Microsoft Visual Studio dbp and sln File Handling Buffer Overflow
	Sources:	SecurityFocus Bugtraq ID: 16953
	Vulnerable Systems:	Microsoft Microsoft Visual Studio 6.0 Microsoft Microsoft Visual Studio 6.0 SP1 Microsoft Microsoft Visual Studio 6.0 SP2 Microsoft Microsoft Visual Studio 6.0 SP3 Microsoft Microsoft Visual Studio 6.0 SP4 Microsoft Microsoft Visual Studio 6.0 SP5 Microsoft Microsoft Visual Studio 6.0 SP6

CPAI-2006-163
	Date:
	Severity:
	Description:	Update Protection against WinACE RAR and TAR Directory Traversal
	Sources:	Secunia Advisory: SA19013
	Vulnerable Systems:	e-Merge WinAce 2.6 and prior

CPAI-2006-162
	Date:
	Severity:
	Description:	Update Protection against Mozilla Thunderbird WYSIWIG Engine Filtering IFRAME JavaScript Execution
	Sources:	Secunia Advisory: SA15907
	Vulnerable Systems:	Mozilla Foundation Thunderbird prior to 1.5

CPAI-2006-161
	Date:
	Severity:
	Description:	Update Protection against GNU Tar PAX Extended Headers Handling Buffer Overflow
	Sources:	Secunia Advisory: SA18973
	Vulnerable Systems:	GNU Tar Project Tape Archiver (TAR) 1.14 GNU Tar Project Tape Archiver (TAR) 1.14.90 GNU Tar Project Tape Archiver (TAR) 1.15 GNU Tar Project Tape Archiver (TAR) 1.15.1

CPAI-2006-155
	Date:
	Severity:
	Description:	Integrity Clientless Security (ICS) Update 3.7.125.0
	Sources:	SmartDefense Research Center
	Vulnerable Systems:	Microsoft Windows clients

CPAI-2006-148
	Date:
	Severity:
	Description:	Integrity Clientless Security (ICS) Update 3.7.120.0
	Sources:	SmartDefense Research Center
	Vulnerable Systems:	Microsoft Windows clients

CPAI-2006-146
	Date:
	Severity:
	Description:	Preemptive Protection against MailEnable IMAP Service Buffer Overflow Vulnerability
	Sources:	FrSIRT/ADV-2006-4778 Secunia Advisory: SA23080
	Vulnerable Systems:	MailEnable Enterprise 1.40 MailEnable Enterprise 2.33 MailEnable Professional 1.83 MailEnable Professional 2.33

CPAI-2006-226
	Date:
	Severity:
	Description:	Update Protection against Apache Tomcat Directory Listing Information Disclosure
	Sources:	SecurityFocus Bugtraq ID: 19106
	Vulnerable Systems:	Apache Software Foundation Tomcat prior to 5.5.13

CPAI-2006-154
	Date:
	Severity:
	Description:	Preemptive Protection against Crob FTP Server Denial of Service Vulnerability
	Sources:	Secunia Advisory: SA23365
	Vulnerable Systems:	Crob FTP Server version 3.6.1 build 263

CPAI-2006-149
	Date:
	Severity:
	Description:	Preemptive Protection against Microsoft Windows IPv6 Denial of Service Vulnerability (MS06-064)
	Sources:	Microsoft Security Bulletin MS06-064
	Vulnerable Systems:	Microsoft Windows XP Microsoft Windows XP SP1 Microsoft Windows XP SP2 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1

Defense Updates


CPAI-2006-155
	Date:
	Update Number:	692061227 (Connectra NGX R61/R62) 691061227 (Connectra NGX R60) 690061227 (Connectra 2.0)
	Description:	Integrity Clientless Security (ICS) Update 3.7.125.0


CPAI-2006-148
	Date:
	Update Number:	692061213 (Connectra NGX R61/R62) 691061213 (Connectra NGX R60) 690061213 (Connectra 2.0)
	Description:	Integrity Clientless Security (ICS) Update 3.7.120.0


SBP-2006-13
	Date:
	Update Number:	591061205 (VPN-1 NGX R60) 602061205 (VPN-1 NGX R62)
	Description:	SmartDefense Content Protection Defenses


SBP-2006-13
	Date:
	Update Number:	591061203 (VPN-1 NGX R60) 602061203 (VPN-1 NGX R61/R62)
	Description:	SmartDefense Content Protection Defenses

You received this email because our records indicate that you wish to be contacted about SmartDefense Updates, Advisories, product news, and security information. If you do not want to receive further mailings, unsubscribe by sending a message with "SIGNOFF SMARTDEFENSE-NEWS" command to LISTSERV@AMADEUS.US.CHECKPOINT.COM in the first line (not the subject).