» Hot SmartDefense Protection Reminder
While these vulnerabilities are new, SmartDefense protections already exist for many Check Point products. SmartDefense protects against broad categories of threats. Because the defenses are broader than specific attack signatures, even unknown zero-day exploits are foiled. Below are some examples of such protections.

Multi-Vendor DNS Spoofing
(CVE-2008-1447) This DNS cache poisoning technique exploits DNS requests that do not randomize source ports. The spoofing vulnerability has been reported in major DNS implementations, including Microsoft Windows DNS service and Berkeley Internet Name Domain (BIND). Check Point SmartDefense protections for DNS have been available since May 2004. We strongly encourage our customers to take the necessary steps to protect their network infrastructure. For more information, see DNS Vulnerability Spoofing Protection.
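
To check which of your own resolvers still send queries from predictable source ports, the condition described above, the following added example (not Check Point code and not part of the original advisory) classifies observed outbound query ports per resolver. The sample records, the function names and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample (not real traffic): resolver IP and UDP source port of
# outbound DNS queries, as they might be pulled from a packet capture.
SAMPLE_QUERIES = (
    [("192.0.2.10", 53)] * 6
    + [("192.0.2.20", p) for p in (1025, 1026, 1027, 1028, 1029, 1030)]
    + [("192.0.2.30", p) for p in (50000, 50310, 50120, 50777, 50450, 50033)]
    + [("192.0.2.40", p) for p in (41873, 9612, 60233, 27105, 51990, 18444)]
    + [("192.0.2.50", 33012)]
)

SMALL_STEP = 16     # assumed threshold: steps this small count as sequential
NARROW_SPAN = 1024  # assumed threshold: a port pool this narrow is guessable


def classify(ports):
    """Label one resolver's observed source ports, in capture order."""
    if len(set(ports)) == 1:
        return "fixed"
    # Modulo keeps a counter that wraps past 65535 looking sequential.
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if all(0 < s <= SMALL_STEP for s in steps):
        return "sequential"
    if max(ports) - min(ports) < NARROW_SPAN:
        return "narrow"
    return "randomized"


def audit(queries, min_samples=5):
    """Group queries by resolver and classify each one's port behaviour."""
    by_resolver = defaultdict(list)
    for ip, port in queries:
        by_resolver[ip].append(port)
    return {
        ip: classify(ports) if len(ports) >= min_samples else "insufficient-data"
        for ip, ports in by_resolver.items()
    }


if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE_QUERIES).items():
        print(f"{ip:<12} {verdict}")
```

A "randomized" verdict means only that these heuristics found no pattern in the sample; it is not a statistical proof that the ports are unpredictable.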

Oracle BEA WebLogic Vulnerability
(CVE-2008-3257) Oracle recently announced an unpatched vulnerability in the Oracle BEA WebLogic Server Apache Connector. The vulnerability, if exploited, allows attackers to execute arbitrary code on the WebLogic Server. SmartDefense detects and blocks the overly long requests used to exploit this vulnerability. For more information, see CPAI-2008-111.

RealPlayer ActiveX Vulnerability
This buffer overflow vulnerability in the RealNetworks RealPlayer application allows an attacker to execute arbitrary code on a vulnerable system. This is due to an error in a RealPlayer ActiveX control that fails to properly handle deletion of media library files. SmartDefense detects and blocks the vulnerable ActiveX control. For more information, see CPAI-2008-109.



» Highlighted SmartDefense Updates

This table lists SmartDefense protection updates for recently disclosed threats. In some cases, SmartDefense protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | SmartDefense Protection Issued | Industry Reference | SmartDefense Reference Number |
|---|---|---|---|---|
| Critical | Microsoft Argument Handling Memory Corruption | 12-Aug-08 | CVE-2008-2259, MS08-045 | CPAI-2008-125 |
| Critical | Microsoft Excel Record Parsing Vulnerability | 12-Aug-08 | CVE-2008-3006, MS08-043 | CPAI-2008-124 |
| Critical | Microsoft Internet Explorer Uninitialized Memory Corruption | 12-Aug-08 | CVE-2008-2256, MS08-045 | CPAI-2008-119 |
| Critical | Microsoft Excel Index Array Vulnerability | 12-Aug-08 | CVE-2008-3005, MS08-043 | CPAI-2008-123 |
| Critical | Microsoft Excel Indexing Validation Vulnerability | 12-Aug-08 | CVE-2008-3004, MS08-043 | CPAI-2008-122 |
| Critical | Microsoft Color Management System Pathname Vulnerability | 12-Aug-08 | CVE-2008-2245, MS08-046 | CPAI-2008-121 |
| Critical | Microsoft Office Malformed BMP Filter | 12-Aug-08 | CVE-2006-4841, MS08-044 | CPAI-2008-116 |
| Critical | Microsoft Office PICT Filter Parsing Vulnerability | 12-Aug-08 | CVE-2006-5992, MS08-044 | CPAI-2008-115 |
| Critical | Microsoft Office Malformed PICT Filter | 12-Aug-08 | CVE-2006-1307, MS08-044 | CPAI-2008-114 |
| Critical | Microsoft Office Malformed EPS Filter | 12-Aug-08 | CVE-2006-1317, MS08-044 | SBP-2008-09 |
| Critical | Microsoft PowerPoint Parsing Overflow | 12-Aug-08 | CVE-2008-1455, MS08-051 | CPAI-2008-113 |
| Critical | Oracle WebLogic Server Apache Connector HTTP Version String Buffer Vulnerability | 3-Aug-08 | CVE-2008-3257 | CPAI-2008-111 |
| Critical | Microsoft Word Malformed Data Remote Code Execution Vulnerability (MS08-042) | 17-Jul-08 | CVE-2008-2244, MS08-042 | CPAI-2008-097 |
| Critical | Microsoft Access Snapshot Viewer ActiveX Control Remote Code Execution | 9-Jul-08 | CVE-2008-2463, MS08-041 | CPAI-2008-096 |
| Critical | Multiple Vendor DNS Insufficient Socket Entropy | 9-Mar-05 | CVE-2008-1447, US-CERT VU#800113 | CPAI-2008-092 |
| High | Microsoft URL Parsing Cross Domain Information Disclosure | 12-Aug-08 | CVE-2008-1448, MS08-048 | CPAI-2008-126 |
| High | Messenger Information Disclosure | 12-Aug-08 | CVE-2008-0082, MS08-050 | CPAI-2008-120 |
| High | Aurigma and HP ActiveX Kill Bits | 12-Aug-08 | Microsoft Security Advisory (953839) | CPAI-2008-118 |
| High | Microsoft PowerPoint Memory Allocation vulnerabilities | 12-Aug-08 | CVE-2008-0120, CVE-2008-0121, MS08-051 | CPAI-2008-117 |
| High | RealNetworks RealPlayer ActiveX Import Method Buffer Overflow | 17-Apr-08 | CVE-2008-3066 | CPAI-2008-109 |
| High | Castle Rock Computing SNMPc Network Manager Community String Stack Vulnerability | 16-Jul-06 | CVE-2008-2214 | CPAI-2008-106 |



» How to Install SmartDefense Updates
SmartDefense Updates can be downloaded and configured on your Check Point products through the Check Point SmartCenter management interface.




Have SmartDefense feature questions?
Participate in the new SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features. The role of this forum is to allow SmartDefense users to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.



» About SmartDefense and SmartDefense Services
Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point products. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense also helps to minimize threats by providing defenses that can be used before vendor supplied patches become available or are fully installed throughout the network. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe.

For additional information about SmartDefense and SmartDefense Services, please visit the SmartDefense section of the Check Point Website.

August 12, 2008


SMARTDEFENSE DEPLOYMENT TIPS
Best Practice: Tracking SmartDefense Protections by Log
You can use SmartView Tracker to find out which SmartDefense protection triggered a specific SmartDefense log entry. This information helps you analyze your protection configuration choices.

To view attack information for a log entry:
  1. Right-click the log entry’s Attack or Attack Information column.
  2. Select Go to Advisory.
    The advisory opens.
  3. Click the Protection tab.
Use the information in the Protection tab to determine whether the log entry is indicative of an attack or if it is normal traffic that you want to allow.

This tip applies to VPN-1 NGX R65.

©2003-2008 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065