SDS Banner

SmartDefense Services Bulletin
January 2007

Greetings! This bulletin features Check Point SmartDefense Services highlights for the month of . Please feel free to email us if you have any comments or questions.

To sign-up to the mailing list, send an email to listserv@amadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body. If you'd like to unsubscribe from this bulletin, send an email to listserv@amadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" in the email body.

 
In This Bulletin

About SmartDefense Services
Advisories
Defense Updates

About SmartDefense Services

Check Point SmartDefense Services maintain the most current preemptive security for your Check Point security infrastructure. To help your defenses stay continuously ahead of today’s constantly evolving threat landscape, SmartDefense Services provide:

  • Preemptive, ongoing, and real-time updates to defenses and security policies
  • Ongoing new protocol and application defenses against emerging threats and attacks
  • Step-by-step instructions on how to activate and configure defenses against emerging threats and vulnerabilities – usually before exploits are created by hackers
  • Anti-virus updates and alerts for Check Point VPN-1 UTM
  • Anti-spyware updates for Check Point Integrity Anti-Spyware 
  • Malicious applications database for automating network access and malware termination policies (Program Advisor Service for Integrity)
Advisories (Sorted by Severity, then Date)
CPAI-2006-323
  Date:
  Severity:
  Description: Update Protection against Sun Directory Server LDAP Denial of Service
  Sources: INSERT_VALUE
  Vulnerable Systems: Sun Microsystems Java System Directory Server 5.2 SP4 and earlier
Sun Microsystems Solaris 9
     
CPAI-2006-322
  Date:
  Severity:
  Description: Update Protection against Citrix MetaFrame IMA Authentication Processing Buffer Overflow
  Sources: Secunia Advisory: SA22802
  Vulnerable Systems: Citrix Systems MetaFrame XP 1.0
Citrix Systems MetaFrame XP 2.0
Citrix Systems MetaFrame Presentation Server 3.0
Citrix Systems MetaFrame Presentation Server 4.0
     
CPAI-2006-321
  Date:
  Severity:
  Description: Update Protection against CA Products Discovery Service Buffer Overflow
  Sources: Secunia Advisory: SA22285
  Vulnerable Systems: CA BrightStor ARCserve Backup 9.01
CA BrightStor ARCserve Backup 11.1
CA BrightStor ARCserve Backup 11.5 SP1 and below
CA BrightStor ARCserve Backup for Windows 11
CA BrightStor Enterprise Backup 10.5
CA Business Protection Suite 2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition 2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition 2
CA Server Protection Suite 2
     
CPAI-2006-320
  Date:
  Severity:
  Description: Update Protection against Mercury Mail Transport System Buffer Overflow
  Sources: Secunia Advisory: SA18611
  Vulnerable Systems: David Harris Mercury Mail Transport System 3.x
David Harris Mercury Mail Transport System 4.01b and prior
     
CPAI-2006-318
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows CSRSS HardError Message Box (MS07-021)
  Sources: Microsoft Scurity Bulletin MS07-021
  Vulnerable Systems: Microsoft Windows 2000
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows Server 2003
     
CPAI-2006-313
  Date:
  Severity:
  Description: Update Protection against Symantec Veritas NetBackup Server bpcd Long Request Buffer Overflow
  Sources: Secunia Advisory: SA23368
  Vulnerable Systems: Symantec VERITAS NetBackup 5.0 without MP7
Symantec VERITAS NetBackup 5.1 without MP6
Symantec VERITAS NetBackup 6.0 without MP4
     
CPAI-2006-312
  Date:
  Severity:
  Description: Update Protection against Novell eDirectory evtFilteredMonitorEventsRequest Function Heap Overflow
  Sources: Secunia Advisory: SA22506
  Vulnerable Systems: Novell eDirectory 8.7.3.8 and priors
Novell eDirectory 8.8.1 and priors
     
CPAI-2006-311
  Date:
  Severity:
  Description: Update Protection against Novell eDirectory HTTP Server Redirection Buffer Overflow
  Sources: Secunia Advisory: SA22519
  Vulnerable Systems: Novell eDirectory 8.7.x, 8.7.3.8 and subsequent
Novell eDirectory 8.8.x, 8.8.1 and priors
     
CPAI-2006-310
  Date:
  Severity:
  Description: Update Protection against Oracle Database Server SDO_CS.TRANSFORM_LAYER Buffer Overflow
  Sources: Secunia Advisory: SA22396
  Vulnerable Systems: Oracle Database Server 8.1.7.4 and prior
Oracle Database Server 9.0.1.5 and prior
Oracle Database Server 9.2.0.7 and prior
Oracle Database Server 10.1.0.4 and prior
     
CPAI-2006-306
  Date:
  Severity:
  Description: Update Protection against CA Products Message Engine RPC Server Opcode 43 Buffer Overflow
  Sources: Secunia Advisory: SA22285
  Vulnerable Systems: CA BrightStor ARCserve Backup 9.01
CA BrightStor ARCserve Backup 11.1
CA BrightStor ARCserve Backup 11.5 SP1 and below
CA BrightStor ARCserve Backup for Windows 11
CA BrightStor Enterprise Backup 10.5
CA Business Protection Suite 2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition 2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition 2
CA Server Protection Suite 2
     
CPAI-2006-302
  Date:
  Severity:
  Description: Update Protection against McAfee Multiple Products HTTP Server Header Processing Buffer Overflow
  Sources: Secunia Advisory: SA22222
  Vulnerable Systems: McAfee ePolicy Orchestrator 3.x prior to 3.5 Patch 6
McAfee ProtectionPilot 1.1.x prior to Patch 3
     
CPAI-2006-287
  Date:
  Severity:
  Description: Update Protection against CA BrightStor ARCserve Backup Tape Engine RPC ReserveGroup Buffer Overflow
  Sources: Secunia Advisory: SA23060
  Vulnerable Systems: CA BrightStor ARCserve Backup r11.5 Prior to SP2
CA BrightStor ARCserve Backup r11.1
CA BrightStor ARCserve Backup r11.0
CA BrightStor ARCserve Backup r10.5
CA BrightStor ARCserve Backup r9.01
     
CPAI-2006-286
  Date:
  Severity:
  Description: Update Protection against CA BrightStor ARCserve Backup Tape Engine RPC GetGroupStatus Buffer Overflow
  Sources: Secunia Advisory: SA23060
  Vulnerable Systems: CA BrightStor ARCserve Backup r11.5 Prior to SP2
CA BrightStor ARCserve Backup r11.1
CA BrightStor ARCserve Backup r11.0
CA BrightStor ARCserve Backup r10.5
CA BrightStor ARCserve Backup r9.01
     
CPAI-2006-284
  Date:
  Severity:
  Description: Update Protection against Novell ZENworks Asset Management Msg.dll Buffer Overflow
  Sources: Secunia Advisory: SA23157
  Vulnerable Systems: Novell ZENworks Asset Management 7.0 SP1
     
CPAI-2006-277
  Date:
  Severity:
  Description: Update Protection against RealNetworks Helix Server DESCRIBE Request Buffer Overflow
  Sources: Secunia Advisory: SA22944
  Vulnerable Systems: RealNetworks Helix Server 11.1.2 and possibly priors
     
CPAI-2006-275
  Date:
  Severity:
  Description: Update Protection against HP OpenView Client Configuration Manager Radia Notify Code Execution
  Sources: Secunia Advisory: SA22780
  Vulnerable Systems: HP OpenView Client Configuration Manager 1.0
     
CPAI-2006-270
  Date:
  Severity:
  Description: Update Protection against Oracle Database Server MDSYS.SDO_LRS Package SQL Injection
  Sources: Secunia Advisory: SA22396
  Vulnerable Systems: Oracle Database Server 10.1.0.5 and prior
Oracle Database Server 10.2.0.2 and prior
Oracle Database Server 8.1.7.4 and prior
Oracle Database Server 9.0.1.5 and prior
Oracle Database Server 9.2.0.7 and prior
     
CPAI-2006-269
  Date:
  Severity:
  Description: Update Protection against CA Products Message Engine RPC Server Opcode 45 Buffer Overflow
  Sources: Secunia Advisory: SA22285
  Vulnerable Systems: CA BrightStor ARCserve Backup v9.01
CA BrightStor ARCserve Backup r11.1
CA BrightStor ARCserve Backup r11.5 SP1 and below
CA BrightStor ARCserve Backup for Windows r11
CA BrightStor Enterprise Backup 10.5
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Server Protection Suite r2
     
CPAI-2006-251
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows RRAS Memory Corruption
  Sources: Secunia Advisory: SA20630
  Vulnerable Systems: Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
     
CPAI-2006-244
  Date:
  Severity:
  Description: Update Protection against Symantec AntiVirus Real Time Virus Scan Service Stack Overflow
  Sources: Secunia Advisory: SA20318
  Vulnerable Systems: Symantec Antivirus Corporate Edition 10.0 (build 10.0.0.359 - 10.0.1.1000)
Symantec Antivirus Corporate Edition 10.0 (build 10.0.1.1007)
Symantec Antivirus Corporate Edition 10.0 (build 10.0.1.1008)
Symantec Antivirus Corporate Edition 10.0 (build 10.0.2.2000)
Symantec Antivirus Corporate Edition 10.0 (build 10.0.2.2001)
Symantec Antivirus Corporate Edition 10.0 (build 10.0.2.2010)
Symantec Antivirus Corporate Edition 10.0 (build 10.0.2.2020)
Symantec Antivirus Corporate Edition 10.1 (build 10.1.0.394)
Symantec Antivirus Corporate Edition 10.1 (build 10.1.0.400)
Symantec Client Security 3.0 (build 3.0.0.359 - 3.0.1.1000)
Symantec Client Security 3.0 (build 3.0.1.1007)
Symantec Client Security 3.0 (build 3.0.1.1008)
Symantec Client Security 3.0 (build 3.0.2.2000)
Symantec Client Security 3.0 (build 3.0.2.2001)
Symantec Client Security 3.0 (build 3.0.2.2010)
Symantec Client Security 3.0 (build 3.0.2.2020)
Symantec Client Security 3.1 (build 3.1.0.394)
Symantec Client Security 3.1 (build 3.1.0.400)
     
CPAI-2006-239
  Date:
  Severity:
  Description: Update Protection against Alt-N MDaemon POP3 Server USER and APOP Commands Buffer Overflow
  Sources: Secunia Advisory: SA21595
  Vulnerable Systems: Alt-N Technologies MDaemon 6.x
Alt-N Technologies MDaemon 7.x
Alt-N Technologies MDaemon 8.x
Alt-N Technologies MDaemon 9.x prior to 9.06
     
CPAI-2006-221
  Date:
  Severity:
  Description: Update Protection against Novell GroupWise Messenger Accept-Language Header Buffer Overflow
  Sources: Secunia Advisory: SA19663
  Vulnerable Systems: Novell GroupWise Messenger 2.0
     
CPAI-2006-216
  Date:
  Severity:
  Description: Update Protection against McAfee WebShield SMTP Bounce Message Format String
  Sources: Secunia Advisory: SA19491
  Vulnerable Systems: McAfee WebShield 4.5 MR1a and prior
     
CPAI-2006-212
  Date:
  Severity:
  Description: Update Protection against Symantec VERITAS NetBackup Volume Manager Buffer Overflow
  Sources: Secunia Advisory: SA19417
  Vulnerable Systems: Symantec VERITAS NetBackup 5.0
Symantec VERITAS NetBackup 5.1
Symantec VERITAS NetBackup 6.0
Symantec VERITAS NetBackup DataCenter and BusinesServer 4.5FP
Symantec VERITAS NetBackup DataCenter and BusinesServer 4.5MP
     
CPAI-2006-209
  Date:
  Severity:
  Description: Update Protection against Sendmail SMTP Timeout Buffer Overflow
  Sources: Secunia Advisory: SA19342
  Vulnerable Systems: Sendmail Consortium Sendmail prior to 8.13.6
     
CPAI-2006-196
  Date:
  Severity:
  Description: Update Protection against Novell Distributed Print Services Integer Overflow
  Sources: Secunia Advisory: SA20048
  Vulnerable Systems: Novell Netware 6.5
Novell Client 4.91 and prior
     
CPAI-2006-192
  Date:
  Severity:
  Description: Update Protection against MySQL COM_TABLE_DUMP Function Stack Overflow
  Sources: Secunia Advisory: SA19929
  Vulnerable Systems: MySQL AB MySQL 5.0.20 and prior
     
CPAI-2006-186
  Date:
  Severity:
  Description: Update Protection against Oracle Database Server DBMS_EXPORT_EXTENSION Package Privilege Escalation
  Sources: Secunia Advisory: SA19712
  Vulnerable Systems: Oracle Database Server 8.1.7.4 - 10.2.0.2
     
CPAI-2006-178
  Date:
  Severity:
  Description: Update Protection against Oracle Database Server XDB.DBMS_XMLSCHEMA Buffer Overflow
  Sources: Secunia Advisory: SA18493
  Vulnerable Systems: Oracle Database Server 10g Release 1
Oracle Database Server 9i Release 2
     
CPAI-2006-177
  Date:
  Severity:
  Description: Update Protection against CA iTechnology iGateway Service Content-Length Buffer
  Sources: Secunia Advisory: SA18591
  Vulnerable Systems: CA BrightStor ARCserve Backup 9.01
CA BrightStor ARCserve Backup 10.5
CA BrightStor ARCserve Backup 11
CA BrightStor ARCserve Backup 11.1
CA BrightStor ARCserve Backup 11.5
CA BrightStor Enterprise Backup 10.5
CA BrightStor Portal 11.1
CA BrightStor Process Automation Manager 11.1
CA BrightStor SAN Manager 11.1
CA BrightStor SAN Manager 11.5
CA BrightStor Storage Resource Manager 6.3
CA BrightStor Storage Resource Manager 6.4
CA BrightStor Storage Resource Manager 11.1
CA BrightStor Storage Resource Manager 11.5
CA eTrust Admin 8.1
CA eTrust Audit 1.5 SP2
CA eTrust Audit 1.5 SP3
CA eTrust Audit 8.0
CA eTrust Directory 8.1
CA eTrust Identity Minder 8.0
CA eTrust Integrated Threat Management 8
CA eTrust Secure Content Manager 8
CA Unicenter Application Performance Monitor 11
CA Unicenter Application Server Management 11
CA Unicenter Asset Portfolio Management 11
CA Unicenter AutoSys JM 11
CA Unicenter CA Web Services Distributed Management 11
CA Unicenter Exchange Management 11
CA Unicenter Management For WebLogic and WebSphere 11
CA Unicenter MQ Management 11
CA Unicenter Service Catalog/Fulfillment/Accounting 11
CA Unicenter Service Delivery 11
CA Unicenter Service Desk 11
CA Unicenter Service Desk Knowledge Tools 11
CA Unicenter Service Fulfillment 2.2
CA Unicenter Service Fulfillment 11
CA Unicenter Service Level Management 11
CA Unicenter Service Matrix Analysis 11
CA Unicenter Web Server Management 11
     
CPAI-2006-173
  Date:
  Severity:
  Description: Update Protection against Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow
  Sources: Secunia Advisory: SA18484
  Vulnerable Systems: Novell SUSE Linux Enterprise Server 9
     
CPAI-2006-172
  Date:
  Severity:
  Description: Update Protection against Microsoft Exchange and Outlook TNEF Decoding Integer Overflow
  Sources: Secunia Advisory: SA18368
  Vulnerable Systems: Microsoft Exchange Server 5.0
Microsoft Exchange Server 5.5
Microsoft Exchange Server 2000
Microsoft Outlook 2000
Microsoft Outlook 2002
Microsoft Outlook 2003
     
CPAI-2006-156
  Date:
  Severity:
  Description: Preemptive Protection against MailEnable POP3 Remote Code Execution Vulnerability
  Sources: Secunia Advisory: SA23127
  Vulnerable Systems: MailEnable Standard Edition version 1.98 and prior
MailEnable Enterprise Edition version 2.35 and prior
MailEnable Professional Edition version 2.35 and prior
     
CPAI-2006-153
  Date:
  Severity:
  Description: Preemptive Protection against Easy File Sharing FTP Server 'PASS' Buffer Overflow Vulnerability
  Sources: FrSIRT/ADV-2006-3068
Secunia Advisory: SA21289
  Vulnerable Systems: Easy File Sharing FTP Server version 2.0 and prior
     
CPAI-2006-151
  Date:
  Severity:
  Description: Preemptive Protection against Golden FTP USER Denial of Service Vulnerability
  Sources: Secunia Advisory: SA23323
  Vulnerable Systems: Golden FTP Server version 1.92
     
CPAI-2006-324
  Date:
  Severity:
  Description: Update Protection against Linux Kernel SCTP Chunkless Packet Denial of Service Vulnerability
  Sources: Secunia Advisory: SA20917
  Vulnerable Systems: Linux Kernel Project Linux Kernel 2.6.x prior to 2.6.16.23
Linux Kernel Project Linux Kernel 2.6.17.x prior to 2.6.17.3
     
CPAI-2006-319
  Date:
  Severity:
  Description: Update Protection against Novell NetMail IMAP APPEND Command Buffer Overflow
  Sources: Secunia Advisory: SA23437
  Vulnerable Systems: Novell NetMail 3.5.2 and possibly prior
     
CPAI-2006-317
  Date:
  Severity:
  Description: Update Protection against Sun Java Runtime Environment Abstract Windowing Toolkit Memory Corruption
  Sources: Secunia Advisory: SA23445
  Vulnerable Systems: Sun Microsystems Java Runtime Environment 1.3.1_18 and prior
Sun Microsystems Java Runtime Environment 1.4.2_12 and prior
Sun Microsystems Java Runtime Environment 5.0 Update 7 and prior
     
CPAI-2006-316
  Date:
  Severity:
  Description: Update Protection against Mozilla Products Frame Comment Objects Manipulation Memory Corruption
  Sources: Secunia Advisory: SA23282
  Vulnerable Systems: Mozilla Foundation Firefox 1.5.0.4
Mozilla Foundation Firefox 1.5.0.5
Mozilla Foundation Firefox 1.5.0.6
Mozilla Foundation Firefox 1.5.0.7
Mozilla Foundation Firefox 1.5.0.8
Mozilla Foundation Firefox 2
Mozilla Foundation SeaMonkey 1.0.6 and prior
     
CPAI-2006-315
  Date:
  Severity:
  Description: Update Protection against MailEnable POP3 Service PASS Command Buffer Overflow
  Sources: Secunia Advisory: SA23127
  Vulnerable Systems: MailEnable MailEnable Enterprise Edition 1.1 - 1.41
MailEnable MailEnable Enterprise Edition 2.0 - 2.35
MailEnable MailEnable Professional Edition 1.1 - 1.84
MailEnable MailEnable Professional Edition 2.0 - 2.35
MailEnable MailEnable Standard Edition 1.98 and prior
     
CPAI-2006-309
  Date:
  Severity:
  Description: Update Protection against Apache HTTP Server mod_tcl Module Format String
  Sources: Secunia Advisory: SA22458
  Vulnerable Systems: Apache Software Foundation mod_tcl Module Prior to 1.0.1
     
CPAI-2006-308
  Date:
  Severity:
  Description: Update Protection against Microsoft PowerPoint Malformed Data Record Code Execution (MS06-058)
  Sources: Microsoft Scurity Bulletin MS06-058
  Vulnerable Systems: Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 2004 for Mac
Microsoft PowerPoint v. X for Mac
     
CPAI-2006-307
  Date:
  Severity:
  Description: Update Protection against Microsoft Excel COLINFO Record Buffer Overflow (MS06-059)
  Sources: Microsoft Scurity Bulletin MS06-059
  Vulnerable Systems: Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2004 for Mac
Microsoft Excel v. X for Mac
Microsoft Excel Viewer 2003
     
CPAI-2006-304
  Date:
  Severity:
  Description: Update Protection against MailEnable SMTP NTLM Authentication Buffer Overflow
  Sources: Secunia Advisory: SA22179
  Vulnerable Systems: MailEnable MailEnable Enterprise 2.X
MailEnable MailEnable Professional 2.X
     
CPAI-2006-301
  Date:
  Severity:
  Description: Update Protection against Microsoft PowerPoint Malformed Record Code Execution (MS06-058)
  Sources: Microsoft Scurity Bulletin MS06-058
  Vulnerable Systems: Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 2003
Microsoft PowerPoint 2004 for Mac
Microsoft PowerPoint v. X for Mac
     
CPAI-2006-300
  Date:
  Severity:
  Description: Update Protection against OpenSSH sshd Identical Blocks Denial of Service
  Sources: Secunia Advisory: SA22091
  Vulnerable Systems: OpenBSD Project OpenSSH 4.x and prior versions
     
CPAI-2006-299
  Date:
  Severity:
  Description: Update Protection against Apple QuickTime Plug-In Security Bypass
  Sources: Secunia Advisory: SA22048
  Vulnerable Systems: Apple Computer QuickTime 7.x
     
CPAI-2006-298
  Date:
  Severity:
  Description: Update Protection against GNU gzip LZH Decompression make_table Stack Modification
  Sources: Secunia Advisory: SA21996
  Vulnerable Systems: Free Software Foundation gzip 1.3.5 and priors
     
CPAI-2006-297
  Date:
  Severity:
  Description: Update Protection against Ipswitch WS_FTP Server FTP Commands Buffer Overflow
  Sources: Secunia Advisory: SA21932
  Vulnerable Systems: Ipswitch WS_FTP Server 5.05
     
CPAI-2006-296
  Date:
  Severity:
  Description: Update Protection against Mozilla Products Regular Expressions Heap Corruption
  Sources: Secunia Advisory: SA21906
  Vulnerable Systems: Mozilla Foundation Firefox Prior to 1.5.0.7
Mozilla Foundation SeaMonkey Prior to 1.0.5
Mozilla Foundation Thunderbird Prior to 1.5.0.7
     
CPAI-2006-295
  Date:
  Severity:
  Description: Update Protection against Internet Explorer daxctle.ocx KeyFrame Method Memory Corruption (MS06-067)
  Sources: Microsoft Scurity Bulletin MS06-067
  Vulnerable Systems: Microsoft Internet Explorer 5.x
Microsoft Internet Explorer 6
     
CPAI-2006-294
  Date:
  Severity:
  Description: Update Protection against Apple QuickTime FLIC Animation File Buffer Overflow
  Sources: Secunia Advisory: SA21893
  Vulnerable Systems: Apple Computer Quicktime prior to 7.1.3
     
CPAI-2006-293
  Date:
  Severity:
  Description: Update Protection against Apple QuickTime H.264 Crafted Movie Buffer Overflow
  Sources: Secunia Advisory: SA21893
  Vulnerable Systems: Apple Computer Quicktime prior to 7.1.3
     
CPAI-2006-291
  Date:
  Severity:
  Description: Update Protection against IBM DB2 Universal Database Connection Handshake Denial of Service
  Sources: SecurityFocus Bugtraq ID: 19586
  Vulnerable Systems: IBM DB2 Universal Database 8.0
IBM DB2 Universal Database 8.1 prior to FixPak 13
IBM DB2 Universal Database 8.2 prior to FixPak 6
     
CPAI-2006-290
  Date:
  Severity:
  Description: Update Protection against Ipswitch IMail Server SMTP Service Buffer Overflow
  Sources: Secunia Advisory: SA21795
  Vulnerable Systems: Ipswitch IMail Server 2006 prior to 2006.04a
Ipswitch IMail Server Plus 2006 prior to 2006.04a
Ipswitch IMail Server Secure 2006 prior to 2006.04a
     
CPAI-2006-289
  Date:
  Severity:
  Description: Update Protection against Microsoft Word Formatted Disk Pages Table Memory Corruption (MS07-014)
  Sources: Microsoft Scurity Bulletin MS07-014
  Vulnerable Systems: Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word 2004 for Mac
Microsoft Word Viewer 2003
Microsoft Works Suite 2004
Microsoft Works Suite 2005
Microsoft Works Suite 2006
     
CPAI-2006-288
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows RIS TFTP Service Writable Path Vulnerability (MS06-077)
  Sources: Microsoft Security Bulletin MS06-077
  Vulnerable Systems: Microsoft Windows 2000
     
CPAI-2006-285
  Date:
  Severity:
  Description: Update Protection against Adobe Download Manager AOM File Section Name Buffer Overflow
  Sources: Adobe Security Bulletin APSB06-19
  Vulnerable Systems: Adobe Systems Download Manager 2.1
     
CPAI-2006-283
  Date:
  Severity:
  Description: Update Protection against GNU Radius SQL Accounting Format String Vulnerability
  Sources: Secunia Advisory: SA23087
  Vulnerable Systems: Free Software Foundation GNU Radius 1.2 and prior
Free Software Foundation GNU Radius 1.3
     
CPAI-2006-282
  Date:
  Severity:
  Description: Update Protection against MailEnable IMAP Service Invalid Command Buffer Overflow
  Sources: Secunia Advisory: SA23047
  Vulnerable Systems: MailEnable MailEnable Enterprise 1.20 and prior
MailEnable MailEnable Enterprise 2.32 and prior
MailEnable MailEnable Professional 1.82 and prior
MailEnable MailEnable Professional 2.32 and prior
     
CPAI-2006-281
  Date:
  Severity:
  Description: Update Protection against CA BrightStor ARCserve Backup Tape Engine Service Buffer Overflow
  Sources: Secunia Advisory: SA23060
  Vulnerable Systems: CA BrightStor ARCserve Backup v11.5
     
CPAI-2006-280
  Date:
  Severity:
  Description: Update Protection against Citrix Presentation Server IMA Invalid Event Data Length Denial of Service
  Sources: Secunia Advisory: SA22802
  Vulnerable Systems: Citrix Systems MetaFrame XP 1.0
Citrix Systems MetaFrame XP 2.0
Citrix Systems MetaFrame Presentation Server 3.0
Citrix Systems MetaFrame Presentation Server 4.0
     
CPAI-2006-279
  Date:
  Severity:
  Description: Update Protection against Novell Client Print Provider Buffer Overflow
  Sources: Secunia Advisory: SA23027
  Vulnerable Systems: Novell Novell Client 4.91 and previous versions
     
CPAI-2006-278
  Date:
  Severity:
  Description: Update Protection against Adobe AcroPDF ActiveX Control Memory Corruption
  Sources: Adobe Security Bulletin APSA06-02
  Vulnerable Systems: Adobe Acrobat Professional 7.0.0 - 7.0.8
Adobe Acrobat Reader 7.0.0 - 7.0.8
Adobe Acrobat Standard 7.0.0 - 7.0.8
     
CPAI-2006-274
  Date:
  Severity:
  Description: Update Protection against America Online ICQ ActiveX Control DownloadAgent Function Code Execution
  Sources: Secunia Advisory: SA22670
  Vulnerable Systems: America Online ICQ 5.1
     
CPAI-2006-273
  Date:
  Severity:
  Description: Update Protection against OpenLDAP LDAP Server BIND Request Denial of Service
  Sources: Secunia Advisory: SA22750
  Vulnerable Systems: OpenLDAP Foundation OpenLDAP 2.3.28 and prior
     
CPAI-2006-272
  Date:
  Severity:
  Description: Update Protection against Novell iManager Tomcat HTTP POST Request Handling Denial of Service
  Sources: Secunia Advisory: SA22657
  Vulnerable Systems: Novell iManager 2.5 and prior
     
CPAI-2006-271
  Date:
  Severity:
  Description: Update Protection against Nullsoft WinAmp Ultravox ultravox-max-msg Header Buffer Overflow
  Sources: Secunia Advisory: SA22580
  Vulnerable Systems: Nullsoft Winamp 5.3 and prior
     
CPAI-2006-268
  Date:
  Severity:
  Description: Update Protection against Microsoft Office Malformed GIF File Processing Code Execution (MS06-039)
  Sources: Microsoft Scurity Bulletin MS06-039
  Vulnerable Systems: Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Microsoft Project 2000
Microsoft Project 2002
Microsoft Project 2003
Microsoft OneNote 2003
     
CPAI-2006-267
  Date:
  Severity:
  Description: Update Protection against Microsoft Excel Malformed FNGROUPCOUNT Value Code Execution (MS06-037)
  Sources: Secunia Advisory: SA20686
  Vulnerable Systems: Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel v. X for Mac
Microsoft Excel 2004 for Mac
Microsoft Excel Viewer 2003
     
CPAI-2006-266
  Date:
  Severity:
  Description: Update Protection against Microsoft Excel Malformed OBJECT Record Code Execution (MS06-037)
  Sources: Secunia Advisory: SA20686
  Vulnerable Systems: Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2004 for Mac
Microsoft Excel v. X for Mac
Microsoft Excel Viewer 2003
     
CPAI-2006-265
  Date:
  Severity:
  Description: Update Protection against Microsoft Excel Malformed SELECTION Record Code Execution (MS06-037)
  Sources: Microsoft Scurity Bulletin MS06-037
  Vulnerable Systems: Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2004 for Mac
Microsoft Excel v. X for Mac
Microsoft Excel Viewer 2003
     
CPAI-2006-264
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows DHCP Client Service Buffer Overflow (MS06-036)
  Sources: Secunia Advisory: SA21010
  Vulnerable Systems: Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
     
CPAI-2006-263
  Date:
  Severity:
  Description: Update Protection against Microsoft IIS Server Crafted ASP Page Buffer Overflow (MS06-034)
  Sources: Microsoft Scurity Bulletin MS06-034
  Vulnerable Systems: Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 5.1
Microsoft Internet Information Services 6.0
     
CPAI-2006-262
  Date:
  Severity:
  Description: Update Protection against Microsoft ASP.NET Application Folder Information Disclosure (MS06-033)
  Sources: Microsoft Scurity Bulletin MS06-033
  Vulnerable Systems: Microsoft .NET Framework 2.0
     
CPAI-2006-261
  Date:
  Severity:
  Description: Update Protection against Microsoft Excel Asian Languages Style Handling Buffer Overflow (MS06-059)
  Sources: Microsoft Scurity Bulletin MS06-059
  Vulnerable Systems: Microsoft Excel 2000
Microsoft Excel XP
Microsoft Excel 2003
Microsoft Excel Viewer 2003
     
CPAI-2006-260
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows Explorer Invalid URL File Parsing Stack Overflow
  Sources: SecurityFocus Bugtraq ID: 18838
  Vulnerable Systems: Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
     
CPAI-2006-259
  Date:
  Severity:
  Description: Update Protection against Internet Explorer HHCtrl.ocx Image Property Heap Corruption (MS06-046)
  Sources: Secunia Advisory: SA20906
  Vulnerable Systems: Microsoft Internet Explorer 6.0
     
CPAI-2006-258
  Date:
  Severity:
  Description: Update Protection against Apple iTunes AAC File Handling Integer Overflow
  Sources: Secunia Advisory: SA20891
  Vulnerable Systems: Apple Computer iTunes prior to 6.0.5
     
CPAI-2006-257
  Date:
  Severity:
  Description: Update Protection against Internet Explorer Cross Domain Information Disclosure (MS06-042)
  Sources: Microsoft Scurity Bulletin MS06-042
  Vulnerable Systems: Microsoft Internet Explorer 5.01 SP4
Microsoft Internet Explorer 6
Microsoft Internet Explorer 6 SP1
     
CPAI-2006-256
  Date:
  Severity:
  Description: Update Protection against RealNetworks Helix Server RTSP Malformed HTTP Header Buffer Overflow
  Sources: INSERT_VALUE
  Vulnerable Systems: RealNetworks Helix DNA Server 10.0.x
RealNetworks Helix DNA Server 11.0.x
     
CPAI-2006-255
  Date:
  Severity:
  Description: Update Protection against Microsoft Excel Embedded Shockwave Flash Object Code Execution (MS06-069)
  Sources: Microsoft Scurity Bulletin MS06-069
  Vulnerable Systems: Microsoft Excel 97
Microsoft Excel 2000
Microsoft Excel XP
Microsoft Excel 2003
     
CPAI-2006-254
  Date:
  Severity:
  Description: Update Protection against Nullsoft Winamp Midi File Header Handling Buffer Overflow
  Sources: Secunia Advisory: SA20722
  Vulnerable Systems: Nullsoft Winamp 5.21 and below
     
CPAI-2006-253
  Date:
  Severity:
  Description: Update Protection against Microsoft Excel Crafted URL Unicode Buffer Overflow Vulnerability (MS06-050)
  Sources: Microsoft Security Bulletin MS06-050
  Vulnerable Systems: Microsoft Excel 97
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel Viewer 2003
     
CPAI-2006-252
  Date:
  Severity:
  Description: Update Protection against Microsoft Exchange Server Outlook Web Access Script Injection (MS06-029)
  Sources: Secunia Advisory: SA20634
  Vulnerable Systems: Microsoft Exchange Server 2000
Microsoft Exchange Server 2003 Service Pack 1
Microsoft Exchange Server 2003 Service Pack 2
     
CPAI-2006-250
  Date:
  Severity:
  Description: Update Protection against Internet Explorer COM Object Instantiation Memory Corruption (MS06-021)
  Sources: Secunia Advisory: SA20595
  Vulnerable Systems: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6
     
CPAI-2006-249
  Date:
  Severity:
  Description: Update Protection against Internet Explorer HTML Decoding Memory Corruption
  Sources: Secunia Advisory: SA20595
  Vulnerable Systems: Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.01
Microsoft Outlook 2000
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Outlook Express 6
     
CPAI-2006-248
  Date:
  Severity:
  Description: Update Protection against Mozilla Firefox DOMNodeRemoved Memory Corruption
  Sources: Secunia Advisory: SA20376
  Vulnerable Systems: Mozilla Foundation Firefox prior to 1.5.0.4
Mozilla Foundation SeaMonkey prior to 1.0.2
Mozilla Foundation Thunderbird prior to 1.5.0.4
     
CPAI-2006-246
  Date:
  Severity:
  Description: Update Protection against Microsoft Internet Explorer MHTML URI Buffer Overflow
  Sources: Secunia Advisory: SA20384
  Vulnerable Systems: Microsoft Internet Explorer 6.0
     
CPAI-2006-243
  Date:
  Severity:
  Description: Update Protection against Linux Kernel SNMP NAT Netfilter Memory Corruption
  Sources: Secunia Advisory: SA20225
  Vulnerable Systems: Linux Kernel Project Kernel 2.6.16.17 and earlier
     
CPAI-2006-242
  Date:
  Severity:
  Description: Update Protection against TikiWiki jhot.php Script File Upload Security Bypass
  Sources: Secunia Advisory: SA21733
  Vulnerable Systems: TikiWiki TikiWiki 1.9.4 and prior
     
CPAI-2006-241
  Date:
  Severity:
  Description: Update Protection against MySQL MaxDB WebDBM Server Buffer Overflow
  Sources: Secunia Advisory: SA21677
  Vulnerable Systems: MySQL AB MaxDB Webtool prior to 7.6.00.30
     
CPAI-2006-240
  Date:
  Severity:
  Description: Update Protection against Internet Explorer Long URL Buffer Overflow
  Sources: Microsoft Scurity Bulletin 923762
  Vulnerable Systems: Microsoft Internet Explorer 6.0 Service Pack 1
     
CPAI-2006-238
  Date:
  Severity:
  Description: Update Protection against Internet Explorer COM Object Instantiation Memory Corruption
  Sources: INSERT_VALUE
  Vulnerable Systems: Microsoft Windows 2000
     
CPAI-2006-237
  Date:
  Severity:
  Description: Update Protection against IBM eGatherer ActiveX RunEgatherer Function Buffer Overflow
  Sources: Secunia Advisory: SA21528
  Vulnerable Systems: IBM Access Support 2.x
IBM Access Support 3.x
     
CPAI-2006-236
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows Help HLP File Processing Memory Corruption
  Sources: SecurityFocus Bugtraq ID: 19490
  Vulnerable Systems: Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
     
CPAI-2006-235
  Date:
  Severity:
  Description: Update Protection against ClamAV UPX File Handling Heap Overflow
  Sources: Secunia Advisory: SA21374
  Vulnerable Systems: ClamAV Project ClamAV 0.81
ClamAV Project ClamAV 0.82
ClamAV Project ClamAV 0.83
ClamAV Project ClamAV 0.84
ClamAV Project ClamAV 0.85
ClamAV Project ClamAV 0.86
ClamAV Project ClamAV 0.87
ClamAV Project ClamAV 0.88.3 and prior
     
CPAI-2006-234
  Date:
  Severity:
  Description: Update Protection against Microsoft Visual Basic Document Properties Buffer Overrun (MS06-047)
  Sources: Microsoft Scurity Bulletin MS06-047
  Vulnerable Systems: Microsoft Access 2000 Runtime Service Pack 3
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Project 2000 Service Release 1
Microsoft Project 2002 Service Pack 1
Microsoft Visio 2002 Service Pack 2
Microsoft Visual Basic for Applications SDK 6.0
Microsoft Visual Basic for Applications SDK 6.2
Microsoft Visual Basic for Applications SDK 6.3
Microsoft Visual Basic for Applications SDK 6.4
Microsoft Works Suite 2004
Microsoft Works Suite 2005
Microsoft Works Suite 2006
     
CPAI-2006-233
  Date:
  Severity:
  Description: Update Protection against Internet Explorer DirectAnimation COM Object Memory Corruption (MS06-042)
  Sources: Microsoft Scurity Bulletin MS06-042
  Vulnerable Systems: Microsoft Internet Explorer 5
Microsoft Internet Explorer 6
     
CPAI-2006-232
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows DNS Client Buffer Overrun
  Sources: Secunia Advisory: SA21394
  Vulnerable Systems: Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
     
CPAI-2006-231
  Date:
  Severity:
  Description: Update Protection against GnuPG Message Packet Length Handling Integer Overflow
  Sources: Secunia Advisory: SA21297
  Vulnerable Systems: Free Software Foundation GnuPG 1.4.4 and prior
     
CPAI-2006-230
  Date:
  Severity:
  Description: Update Protection against McAfee Subscription Manager ActiveX Stack Buffer Overflow
  Sources: Secunia Advisory: SA21264
  Vulnerable Systems: McAfee AntiSpyware 1.x
McAfee AntiSpyware 2.x
McAfee Internet Security Suite 6.x
McAfee Internet Security Suite 7.x
McAfee Internet Security Suite 8.x
McAfee Personal Firewall Plus 5.x
McAfee Personal Firewall Plus 6.x
McAfee Personal Firewall Plus 7.x
McAfee Privacy Service 6.x
McAfee Privacy Service 7.x
McAfee Privacy Service 8.x
McAfee QuickClean 4.x
McAfee QuickClean 5.x
McAfee QuickClean 6.x
McAfee SpamKiller 5.x
McAfee SpamKiller 6.x
McAfee SpamKiller 7.x
McAfee VirusScan 10.x
McAfee VirusScan 8.x
McAfee VirusScan 9.x
McAfee Wireless Home Network Security 1.x
     
CPAI-2006-229
  Date:
  Severity:
  Description: Update Protection against Apache Server mod_rewrite Module LDAP Scheme Handling Buffer Overflow
  Sources: Secunia Advisory: SA21197
  Vulnerable Systems: Apache Software Foundation HTTP Server 2.2.0 to 2.2.2
Apache Software Foundation HTTP Server 2.0.46 to 2.0.58
Apache Software Foundation HTTP Server 1.3.28 to 1.3.36
     
CPAI-2006-228
  Date:
  Severity:
  Description: Update Protection against Oracle Database dbms_assert Filter Bypass
  Sources: SecurityFocus Bugtraq ID: 19203
  Vulnerable Systems: Oracle Database Server 8i
Oracle Database Server 9i
Oracle Database Server 10g
     
CPAI-2006-227
  Date:
  Severity:
  Description: Update Protection against Mozilla Browsers JavaScript Navigator Object Memory Corruption
  Sources: Secunia Advisory: SA19873
  Vulnerable Systems: Mozilla Foundation Firefox 1.5.0
Mozilla Foundation Firefox 1.5.0.1
Mozilla Foundation Firefox 1.5.0.2
Mozilla Foundation Firefox 1.5.0.3
Mozilla Foundation Firefox 1.5.0.4
Mozilla Foundation SeaMonkey 1.0
Mozilla Foundation SeaMonkey 1.0.1
Mozilla Foundation SeaMonkey 1.0.2
     
CPAI-2006-225
  Date:
  Severity:
  Description: Update Protection against MySQL Server DATE_FORMAT Function Format String
  Sources: Secunia Advisory: SA19929
  Vulnerable Systems: MySQL AB MySQL 4.1.20 and prior
MySQL AB MySQL 5.0.20 and prior
MySQL AB MySQL 5.1.8 and prior
     
CPAI-2006-224
  Date:
  Severity:
  Description: Update Protection against Oracle Database SYS.KUPW-WORKER Package MAIN Procedure SQL Injection
  Sources: Secunia Advisory: SA21111
  Vulnerable Systems: Oracle Database Server 10g 10.1.0.5 and priors
     
CPAI-2006-223
  Date:
  Severity:
  Description: Update Protection against Microsoft PowerPoint PPT File Parsing Memory Corruption
  Sources: Secunia Advisory: SA21061
  Vulnerable Systems: Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 2003
     
CPAI-2006-220
  Date:
  Severity:
  Description: Update Protection against Microsoft Outlook Express Windows Address Book File Overflow (MS06-016)
  Sources: Secunia Advisory: SA19617
  Vulnerable Systems: Microsoft Outlook Express 5.5
Microsoft Outlook Express 6
     
CPAI-2006-219
  Date:
  Severity:
  Description: Update Protection against Internet Explorer HTML Tag Memory Corruption (MS06-013)
  Sources: Secunia Advisory: SA18957
  Vulnerable Systems: Microsoft Internet Explorer 6.0
     
CPAI-2006-218
  Date:
  Severity:
  Description: Update Protection against Oracle Database Server Crafted View Privilege Escalation
  Sources: SecurityFocus Bugtraq ID: 17426
  Vulnerable Systems: Oracle Database Server 9.2.0.0 to 10.2.0.3
     
CPAI-2006-217
  Date:
  Severity:
  Description: Update Protection against ClamAV Output Log Handling Format String
  Sources: Secunia Advisory: SA19534
  Vulnerable Systems: ClamAV Project ClamAV 0.88 and prior
     
CPAI-2006-215
  Date:
  Severity:
  Description: Update Protection against Internet Explorer Plugin Loading Address Bar Spoofing (MS06-021)
  Sources: Secunia Advisory: SA19521
  Vulnerable Systems: Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
     
CPAI-2006-214
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows Help File Heap Buffer Overflow
  Sources: SecurityFocus Bugtraq ID: 17325
  Vulnerable Systems: Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
     
CPAI-2006-213
  Date:
  Severity:
  Description: Update Protection against Symantec VERITAS NetBackup vnetd Buffer Overflow
  Sources: Secunia Advisory: SA19417
  Vulnerable Systems: Symantec VERITAS NetBackup 6.0
     
CPAI-2006-211
  Date:
  Severity:
  Description: Update Protection against RealNetworks RealPlayer SWF Flash File Buffer Overflow
  Sources: Secunia Advisory: SA19358
  Vulnerable Systems: RealNetworks Rhapsody Player 3 (build 0.815 - 1.0.269)
RealNetworks RealPlayer 8
RealNetworks RealPlayer 10
RealNetworks RealPlayer 10.5, build 6.0.12.1348 and below
RealNetworks RealPlayer Enterprise
RealNetworks RealOne Player v1
RealNetworks RealOne Player v2
     
CPAI-2006-210
  Date:
  Severity:
  Description: Update Protection against Internet Explorer createTextRange Remote Code Execution Vulnerability (MS06-013)
  Sources: Microsoft Security Bulletin MS06-013
  Vulnerable Systems: Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
     
CPAI-2006-208
  Date:
  Severity:
  Description: Update Protection against UltraVNC VNCLog Buffer Overflow
  Sources: Secunia Advisory: SA19513
  Vulnerable Systems: UltraVNC Project UltraVNC 1.0.1 and below
     
CPAI-2006-207
  Date:
  Severity:
  Description: Update Protection against Internet Explorer Script Action Handler Buffer Overflow
  Sources: SecurityFocus Bugtraq ID: 17131
  Vulnerable Systems: Microsoft Internet Explorer 5.x
Microsoft Internet Explorer 6.0
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Outlook Express 5.x
Microsoft Outlook Express 6.x
     
CPAI-2006-206
  Date:
  Severity:
  Description: Update Protection against Microsoft Office Malformed Routing Slip Code Execution
  Sources: Secunia Advisory: SA19138
  Vulnerable Systems: Microsoft Word 2000
Microsoft Word 2002
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Outlook 2000
Microsoft Outlook 2002
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
     
CPAI-2006-205
  Date:
  Severity:
  Description: Update Protection against Microsoft Excel Malformed Record Code Execution (MS06-012)
  Sources: Secunia Advisory: SA19138
  Vulnerable Systems: Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel X for Mac
Microsoft Excel 2003
Microsoft Excel 2004 for Mac
Microsoft Excel Viewer 2003
     
CPAI-2006-204
  Date:
  Severity:
  Description: Update Protection against Microsoft Excel Malformed Graphic Code Execution (MS06-012)
  Sources: Secunia Advisory: SA19138
  Vulnerable Systems: Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel X for Mac
Microsoft Excel 2003
Microsoft Excel 2004 for Mac
Microsoft Excel Viewer 2003
     
CPAI-2006-203
  Date:
  Severity:
  Description: Update Protection against Microsoft Excel Malformed File Format Parsing Code Execution (MS06-012)
  Sources: Secunia Advisory: SA19138
  Vulnerable Systems: Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel X for Mac
Microsoft Excel 2003
Microsoft Excel 2004 for Mac
Microsoft Excel Viewer 2003
     
CPAI-2006-201
  Date:
  Severity:
  Description: Update Protection against Microsoft Word Smart Tags Code Execution (MS06-027)
  Sources: Microsoft Scurity Bulletin MS06-027
  Vulnerable Systems: Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word Viewer 2003
     
CPAI-2006-200
  Date:
  Severity:
  Description: Update Protection against Apple QuickTime BMP File Handling Heap Overflow
  Sources: Secunia Advisory: SA20069
  Vulnerable Systems: Apple QuickTime prior to 7.1
     
CPAI-2006-199
  Date:
  Severity:
  Description: Update Protection against Apple QuickTime udta Atom Buffer Overflow
  Sources: Secunia Advisory: SA20069
  Vulnerable Systems: Apple Quicktime prior to 7.1
     
CPAI-2006-198
  Date:
  Severity:
  Description: Update Protection against Apple QuickTime FPX File Handling Integer Overflow
  Sources: Secunia Advisory: SA20069
  Vulnerable Systems: Apple Quicktime prior to 7.1
     
CPAI-2006-197
  Date:
  Severity:
  Description: Update Protection against EMC Retrospect Client Crafted Packet Buffer Overflow
  Sources: SecurityFocus Bugtraq ID: 17948
  Vulnerable Systems: EMC Retrospect Client for Windows 7.5.x prior 7.5.116
EMC Retrospect Client for Windows 7.0.x prior 7.5.112
EMC Retrospect Client for Windows 6.5.x prior 7.5.140
EMC Retrospect Client for Macintosh 6.1.x prior 6.1.130
EMC Retrospect Client for Macintosh 5.1.x prior 5.1.180
EMC Retrospect Client for Linux 7.5
EMC Retrospect Client for Linux 7.0
EMC Retrospect Client for Linux 6.5
EMC Retrospect Client for Solaris 7.5
EMC Retrospect Client for Solaris 7.0
EMC Retrospect Client for Solaris 6.5
EMC Retrospect Client for NetWare 1.0
     
CPAI-2006-195
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows itss.dll CHM File Handling Heap Corruption
  Sources: Secunia Advisory: SA20061
  Vulnerable Systems: Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
     
CPAI-2006-194
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows MSDTC Denial of Service
  Sources: Secunia Advisory: SA20000
  Vulnerable Systems: Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
     
CPAI-2006-193
  Date:
  Severity:
  Description: Update Protection against Sophos Anti-Virus CAB File Invalid Folder Count Heap Overflow
  Sources: Secunia Advisory: SA20028
  Vulnerable Systems: Sophos Anti-Virus Windows v5, prior to 5.2.1
Sophos Anti-Virus Windows v4.5, prior to 4.5.12
Sophos Anti-Virus Windows v4.0, prior to 4.05
Sophos Anti-Virus Mac OS X v 4.7, prior to 4.7.2
Sophos Anti-Virus Mac OS 8/9, prior to 4.05
Sophos Anti-Virus Unix/Linux, prior to 4.05
Sophos Anti-Virus Netware, prior to 4.05
Sophos Anti-Virus OS/2, prior to 4.05
Sophos Anti-Virus OpenVMS, prior to 4.05
Sophos Anti-Virus DOS/Windows 3.1x, prior to 4.05
Sophos Gateway Products PureMessage for Windows/Exchange, prior to 5.2.1
Sophos Gateway Products PureMessage for Unix, prior to 4.05
Sophos Gateway Products MailMonitor for SMTP - Windows, prior to 4.05
Sophos Gateway Products MailMonitor for Notes/Domino, prior to 4.05
Sophos Gateway Products MailMonitor for Exchange, prior to 4.05
Sophos Small Business Solutions all editions, prior to 4.05
     
CPAI-2006-191
  Date:
  Severity:
  Description: Update Protection against MySQL Login Handshake Information Disclosure
  Sources: Secunia Advisory: SA19929
  Vulnerable Systems: MySQL AB MySQL 4.0.x, prior to 4.0.27
MySQL AB MySQL 4.1.x, prior to 4.1.19
MySQL AB MySQL 5.0.x, prior to 5.0.21
     
CPAI-2006-189
  Date:
  Severity:
  Description: Update Protection against Mozilla Firefox JavaScript Function focus Buffer Overflow
  Sources: Secunia Advisory: SA19802
  Vulnerable Systems: Mozilla Foundation Firefox 1.5.0.2 and prior
Mozilla Foundation SeaMonkey 1.0.1 and prior
     
CPAI-2006-188
  Date:
  Severity:
  Description: Update Protection against Internet Explorer Nested Object Tag Handling Memory Corruption (MS06-021)
  Sources: Secunia Advisory: SA19762
  Vulnerable Systems: Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
     
CPAI-2006-187
  Date:
  Severity:
  Description: Update Protection against Symantec Scan Engine Authentication Bypass
  Sources: Secunia Advisory: SA19734
  Vulnerable Systems: Symantec Scan Engine prior to 5.1.0.7
Symantec Scan Engine for Bluecoat
Symantec Scan Engine for Caching
Symantec Scan Engine for Clearswift
Symantec Scan Engine for ISA
Symantec Scan Engine for Messaging
Symantec Scan Engine for Microsoft
Symantec Scan Engine for Netapp Filer
Symantec Scan Engine for Netapp NetCache
Symantec Scan Engine for Network Attached Storage
     
CPAI-2006-184
  Date:
  Severity:
  Description: Update Protection against Mozilla Products Graphics and XML Features Integer Overflows
  Sources: Secunia Advisory: SA18700
  Vulnerable Systems: Mozilla Foundation Firefox 1.6a1
Mozilla Foundation Mozilla Suite 1.7.13
Mozilla Foundation Mozilla Suite 1.7.14
     
CPAI-2006-183
  Date:
  Severity:
  Description: Update Protection against Mozilla Products QueryInterface Method Memory Corruption
  Sources: Secunia Advisory: SA18700
  Vulnerable Systems: Mozilla Foundation Firefox 1.5.x prior to 1.5.0.1
Mozilla Foundation Thunderbird 1.5
     
CPAI-2006-182
  Date:
  Severity:
  Description: Update Protection against Mozilla Browsers CSS moz-binding Cross Domain Scripting
  Sources: SecurityFocus Bugtraq ID: 16427
  Vulnerable Systems: Mozilla Foundation Firefox 1.5.0.1 and prior
Mozilla Foundation Mozilla Suite 1.7.12 and prior
     
CPAI-2006-181
  Date:
  Severity:
  Description: Update Protection against Apache HTTP Server auth_ldap Logging Function Format String
  Sources: Secunia Advisory: SA18382
  Vulnerable Systems: rudedog.org auth_ldap Prior to 1.6.1
     
CPAI-2006-180
  Date:
  Severity:
  Description: Update Protection against Mozilla Firefox Tag Order Memory Corruption
  Sources: Secunia Advisory: SA19631
  Vulnerable Systems: Mozilla Foundation Firefox 1.0.7 and prior
Mozilla Foundation Thunderbird 1.0.7 and prior
Mozilla Foundation Mozilla Suite 1.7.12 and prior
     
CPAI-2006-179
  Date:
  Severity:
  Description: Update Protection against Nullsoft Winamp Player Playlists Name Handling Buffer Overflow
  Sources: Secunia Advisory: SA18649
  Vulnerable Systems: Nullsoft Winamp 5.11
Nullsoft Winamp 5.111
Nullsoft Winamp 5.112
Nullsoft Winamp 5.12
     
CPAI-2006-176
  Date:
  Severity:
  Description: Update Protection against Oracle Database Server SYS.DBMS_METADATA_UTIL Package SQL Injection
  Sources: Secunia Advisory: SA18493
  Vulnerable Systems: Oracle Database Server 10g Release 1
Oracle Database Server 9i Release 2
     
CPAI-2006-175
  Date:
  Severity:
  Description: Update Protection against Oracle Database Server SQL Injection In Package SYS.KUPV
  Sources: Secunia Advisory: SA18493
  Vulnerable Systems: Oracle Database Server 10g Release 1
     
CPAI-2006-174
  Date:
  Severity:
  Description: Update Protection against Oracle Application Server Reports desname Arbitrary File Overwriting
  Sources: Secunia Advisory: SA16092
  Vulnerable Systems: Oracle Application Server 10g
Oracle Application Server 8i and prior
Oracle Application Server 9i
Oracle Developer Suite 10g
Oracle Developer Suite 8i and prior
Oracle Developer Suite 9i
     
CPAI-2006-171
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows GRE WMF Handling Memory Read Exception (MS06-001)
  Sources: SecurityFocus Bugtraq ID: 16167
  Vulnerable Systems: Microsoft Windows 98
Microsoft Windows 2000
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows XP
     
CPAI-2006-170
  Date:
  Severity:
  Description: Update Protection against RIM BlackBerry Enterprise Server Router Component Denial of Service
  Sources: Secunia Advisory: SA18277
  Vulnerable Systems: Research In Motion BlackBerry Enterprise Server for IBM Lotus Domino 4.x
Research In Motion BlackBerry Enterprise Server for Microsoft Exchange 4.x
Research In Motion BlackBerry Enterprise Server for Novell GroupWise 4.x
     
CPAI-2006-169
  Date:
  Severity:
  Description: Update Protection against VMware Multiple Products NAT Service Buffer Overflow
  Sources: Secunia Advisory: SA18162
  Vulnerable Systems: VMware Assured Computing Environment 1.0.1 and earlier
VMware GSX Server 3.2 and earlier
VMware Player 1.0
VMware Workstation 5.5 and earlier
     
CPAI-2006-167
  Date:
  Severity:
  Description: Update Protection against Microsoft Excel Malformed Range Code Execution (MS06-012)
  Sources: Secunia Advisory: SA19138
  Vulnerable Systems: Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel X for Mac
Microsoft Excel 2003
Microsoft Excel 2004 for Mac
Microsoft Excel Viewer 2003
     
CPAI-2006-166
  Date:
  Severity:
  Description: Update Protection against Internet Explorer IsComponentInstalled Buffer Overflow
  Sources: SecurityFocus Bugtraq ID: 16870
  Vulnerable Systems: Microsoft Internet Explorer 5.01 up to and including SP3
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
     
CPAI-2006-164
  Date:
  Severity:
  Description: Update Protection against EMC Dantz Retrospect Backup Agent Denial of Service
  Sources: Secunia Advisory: SA19097
  Vulnerable Systems: EMC Retrospect Client 6.5 prior to 6.5.138
EMC Retrospect Client 7.0 prior to 7.0.109
     
CPAI-2006-160
  Date:
  Severity:
  Description: Update Protection against Internet Explorer Script Engine Stack Exhaustion
  Sources: SecurityFocus Bugtraq ID: 16687
  Vulnerable Systems: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0 SP2
     
CPAI-2006-159
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows Media Player Plug-in Buffer Overflow
  Sources: Secunia Advisory: SA18852
  Vulnerable Systems: Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
     
CPAI-2006-158
  Date:
  Severity:
  Description: Update Protection against IBM Lotus Notes HTML Speed Reader Long URL Buffer Overflow
  Sources: Secunia Advisory: SA16280
  Vulnerable Systems: IBM Lotus Notes 6.x prior to 6.5.5
IBM Lotus Notes 7.x prior to 7.0.1
     
CPAI-2006-157
  Date:
  Severity:
  Description: Update Protection against IBM Lotus Notes Attachment Viewer UUE File Handling Buffer Overflow
  Sources: Secunia Advisory: SA16280
  Vulnerable Systems: IBM Lotus Notes 6.x prior to 6.5.5
IBM Lotus Notes 7.x prior to 7.0.1
     
CPAI-2006-152
  Date:
  Severity:
  Description: Preemptive Protection against OpenLDAP Remote Buffer Overflow Vulnerability
  Sources: Secunia Advisory: SA23334
  Vulnerable Systems:  OpenLDAP version 2.3.30 and prior
     
CPAI-2006-150
  Date:
  Severity:
  Description: Preemptive Protection against MailEnable IMAP Service Remote Code Execution Vulnerability
  Sources: Secunia Research: 20061211
  Vulnerable Systems: MailEnable Enterprise Edition versions 1.1 through 1.41
MailEnable Enterprise Edition versions 2.0 through 2.35
MailEnable Professional Edition versions 1.6 through 1.84
MailEnable Professional Edition versions 2.0 through 2.35
     
CPAI-2006-147
  Date:
  Severity:
  Description: Block Windows Address Book Contact Record Vulnerability (MS06-076)
  Sources: Microsoft Security Bulletin MS06-076
  Vulnerable Systems: Microsoft Outlook Express 5.5 SP2 on Windows 2000 SP4
Microsoft Outlook Express 6 SP1 on Windows 2000 SP4
Microsoft Outlook Express 6 on Windows XP SP2
Microsoft Outlook Express 6 on Windows XP Professional x64 Edition
Microsoft Outlook Express 6 on Windows Server 2003
Microsoft Outlook Express 6 on Windows Server 2003 SP1
Microsoft Outlook Express 6 on Windows Server 2003 x64 Edition
Microsoft Outlook Express 6 on Windows Server 2003 (Itanium)
Microsoft Outlook Express 6 on Windows Server 2003 SP1 (Itanium)
     
CPAI-2006-325
  Date:
  Severity:
  Description: Update Protection against ImageMagick SGI File Handling Buffer Overflow
  Sources: Secunia Advisory: SA21462
  Vulnerable Systems: ImageMagick Studio ImageMagick 6.2.8 and prior
     
CPAI-2006-314
  Date:
  Severity:
  Description: Update Protection against Yahoo Messenger YMailAttach ActiveX Control Buffer Overflow
  Sources: Secunia Advisory: SA23401
  Vulnerable Systems: Yahoo! Messenger 5.x
Yahoo! Messenger 6.x
Yahoo! Messenger 7.x
Yahoo! Messenger 8.x prior to 8.1.0.209
     
CPAI-2006-305
  Date:
  Severity:
  Description: Update Protection against Novell GroupWise Messenger HTTP POST Request Invalid Memory Access
  Sources: Secunia Advisory: SA22244
  Vulnerable Systems: Novell GroupWise Messenger 1.0 prior to 1.0.6 HP1
Novell GroupWise Messenger 2.0 prior to 2.0.2 HP1
     
CPAI-2006-303
  Date:
  Severity:
  Description: Update Protection against Trend Micro OfficeScan Atxconsole ActiveX Control Format String
  Sources: Secunia Advisory: SA22224
  Vulnerable Systems: Trend Micro OfficeScan Corporate Edition 7.3
     
CPAI-2006-292
  Date:
  Severity:
  Description: Update Protection against Microsoft Publisher PUB File Processing Memory Corruption (MS06-054)
  Sources: Microsoft Scurity Bulletin MS06-054
  Vulnerable Systems: Microsoft Publisher 2000
Microsoft Publisher 2002
Microsoft Publisher 2003
     
CPAI-2006-276
  Date:
  Severity:
  Description: Update Protection against ProFTPD SReplace Function Buffer Overflow
  Sources: Secunia Advisory: SA22803
  Vulnerable Systems: ProFTPD Project ProFTPD prior to 1.3.0a
     
CPAI-2006-247
  Date:
  Severity:
  Description: Update Protection against SpamAssassin Spamd Configurable Options Code Execution
  Sources: Secunia Advisory: SA20430
  Vulnerable Systems: Apache Software Foundation SpamAssassin 3.0.x prior to 3.0.6
Apache Software Foundation SpamAssassin 3.1.x prior to 3.1.3
     
CPAI-2006-245
  Date:
  Severity:
  Description: Update Protection against F-Secure Products Web Console Buffer Overflow
  Sources: Secunia Advisory: SA20407
  Vulnerable Systems: F-Secure Anti-Virus for Microsoft Exchange 6.40
F-Secure Internet Gatekeeper 6.40
F-Secure Internet Gatekeeper 6.41
F-Secure Internet Gatekeeper 6.42
F-Secure Internet Gatekeeper 6.50
     
CPAI-2006-222
  Date:
  Severity:
  Description: Update Protection against Mozilla Firefox CSS letter-spacing Heap Overflow
  Sources: Secunia Advisory: SA19631
  Vulnerable Systems: Mozilla Foundation Firefox 1.0.x prior to 1.0.8
Mozilla Foundation Firefox 1.5.x prior to 1.5.0.2
Mozilla Foundation Mozilla prior to 1.7.13
Mozilla Foundation SeaMonkey prior to 1.0.1
Mozilla Foundation Thunderbird 1.0.x prior to 1.0.8
Mozilla Foundation Thunderbird 1.5.x prior to 1.5.0.2
     
CPAI-2006-202
  Date:
  Severity:
  Description: Update Protection against MediaWiki Parser Script Insertion
  Sources: Secunia Advisory: SA20189
  Vulnerable Systems: Wikimedia Foundation MediaWiki 1.6.0
Wikimedia Foundation MediaWiki 1.6.1
Wikimedia Foundation MediaWiki 1.6.2
Wikimedia Foundation MediaWiki 1.6.3
Wikimedia Foundation MediaWiki 1.6.4
Wikimedia Foundation MediaWiki 1.6.5
     
CPAI-2006-190
  Date:
  Severity:
  Description: Update Protection against LibTIFF TIFFFetchData Function Integer Overflow
  Sources: Secunia Advisory: SA19838
  Vulnerable Systems: Sam Leffler LibTIFF 3.8.0 and prior
     
CPAI-2006-185
  Date:
  Severity:
  Description: Update Protection against Internet Explorer WMF Image Parsing Memory Corruption
  Sources: Secunia Advisory: SA18729
  Vulnerable Systems: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
     
CPAI-2006-168
  Date:
  Severity:
  Description: Update Protection against McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite
  Sources: Secunia Advisory: SA18169
  Vulnerable Systems: McAfee Personal Firewall Plus 7.0 and prior
McAfee Privacy Service 8.0
McAfee SpamKiller 6.0 and prior
McAfee VirusScan 4.0
McAfee VirusScan 4.0.3
McAfee VirusScan 4.5
McAfee VirusScan 4.5.1
McAfee VirusScan 5.0
McAfee VirusScan 6.0
McAfee VirusScan 7.0
McAfee VirusScan 7.1
McAfee VirusScan 8.0
McAfee VirusScan 9.0
     
CPAI-2006-165
  Date:
  Severity:
  Description: Update Protection against Microsoft Visual Studio dbp and sln File Handling Buffer Overflow
  Sources: SecurityFocus Bugtraq ID: 16953
  Vulnerable Systems: Microsoft Microsoft Visual Studio 6.0
Microsoft Microsoft Visual Studio 6.0 SP1
Microsoft Microsoft Visual Studio 6.0 SP2
Microsoft Microsoft Visual Studio 6.0 SP3
Microsoft Microsoft Visual Studio 6.0 SP4
Microsoft Microsoft Visual Studio 6.0 SP5
Microsoft Microsoft Visual Studio 6.0 SP6
     
CPAI-2006-163
  Date:
  Severity:
  Description: Update Protection against WinACE RAR and TAR Directory Traversal
  Sources: Secunia Advisory: SA19013
  Vulnerable Systems: e-Merge WinAce 2.6 and prior
     
CPAI-2006-162
  Date:
  Severity:
  Description: Update Protection against Mozilla Thunderbird WYSIWIG Engine Filtering IFRAME JavaScript Execution
  Sources: Secunia Advisory: SA15907
  Vulnerable Systems: Mozilla Foundation Thunderbird prior to 1.5
     
CPAI-2006-161
  Date:
  Severity:
  Description: Update Protection against GNU Tar PAX Extended Headers Handling Buffer Overflow
  Sources: Secunia Advisory: SA18973
  Vulnerable Systems: GNU Tar Project Tape Archiver (TAR) 1.14
GNU Tar Project Tape Archiver (TAR) 1.14.90
GNU Tar Project Tape Archiver (TAR) 1.15
GNU Tar Project Tape Archiver (TAR) 1.15.1
     
CPAI-2006-155
  Date:
  Severity:
  Description: Integrity Clientless Security (ICS) Update 3.7.125.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2006-148
  Date:
  Severity:
  Description: Integrity Clientless Security (ICS) Update 3.7.120.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2006-146
  Date:
  Severity:
  Description: Preemptive Protection against MailEnable IMAP Service Buffer Overflow Vulnerability
  Sources: FrSIRT/ADV-2006-4778
Secunia Advisory: SA23080
  Vulnerable Systems: MailEnable Enterprise 1.40
MailEnable Enterprise 2.33
MailEnable Professional 1.83
MailEnable Professional 2.33
     
CPAI-2006-226
  Date:
  Severity:
  Description: Update Protection against Apache Tomcat Directory Listing Information Disclosure
  Sources: SecurityFocus Bugtraq ID: 19106
  Vulnerable Systems: Apache Software Foundation Tomcat prior to 5.5.13
     
CPAI-2006-154
  Date:
  Severity:
  Description: Preemptive Protection against Crob FTP Server Denial of Service Vulnerability
  Sources: Secunia Advisory: SA23365
  Vulnerable Systems: Crob FTP Server version 3.6.1 build 263
     
CPAI-2006-149
  Date:
  Severity:
  Description: Preemptive Protection against Microsoft Windows IPv6 Denial of Service Vulnerability (MS06-064)
  Sources: Microsoft Security Bulletin MS06-064
  Vulnerable Systems: Microsoft Windows XP
Microsoft Windows XP SP1
Microsoft Windows XP SP2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
     
Defense Updates
CPAI-2006-155
  Date:
  Update Number: 692061227 (Connectra NGX R61/R62)
691061227 (Connectra NGX R60)
690061227 (Connectra 2.0)
  Description: Integrity Clientless Security (ICS) Update 3.7.125.0
     
CPAI-2006-148
  Date:
  Update Number: 692061213 (Connectra NGX R61/R62)
691061213 (Connectra NGX R60)
690061213 (Connectra 2.0)
  Description: Integrity Clientless Security (ICS) Update 3.7.120.0
     
SBP-2006-13
  Date:
  Update Number: 591061205 (VPN-1 NGX R60)
602061205 (VPN-1 NGX R62)
  Description: SmartDefense Content Protection Defenses
     
SBP-2006-13
  Date:
  Update Number: 591061203 (VPN-1 NGX R60)
602061203 (VPN-1 NGX R61/R62)
  Description: SmartDefense Content Protection Defenses
     
SDS Footer

You received this email because our records indicate that you wish to be contacted about SmartDefense Updates, Advisories, product news, and security information. If you do not want to receive further mailings, unsubscribe by sending a message with "SIGNOFF SMARTDEFENSE-NEWS" command to LISTSERV@AMADEUS.US.CHECKPOINT.COM in the first line (not the subject).

Copyright 2003-2008 Check Point Software Technologies LTD (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065