SmartDefense Security Advisory: July 14, 2009

»Hot Protections

Microsoft Office Web Components ActiveX Vulnerability
(CVE-2009-1136, 973472)

A remote code execution vulnerability has been reported in Microsoft Office Web Components ActiveX Controls. Successful exploitation could result in execution of arbitrary code on the affected system. Check Point protects against attacks that use this vulnerability.

Slowloris DoS Attack
(SBP-2009-09)

A new Denial of Service tool has been released that attacks Web servers. A successful attack can exhaust a server’s ability to serve connections. Check Point protects against this type of attack.

Sun Solaris Vulnerability
(CVE-2008-3869, CVE-2008-3870)

An integer overflow vulnerability has been reported in the sadmind service in the Sun Solaris operating system. A remote, unauthenticated attacker can leverage this vulnerability by sending a crafted RPC message to the target host, potentially injecting and executing arbitrary code. Check Point protects against attacks that use this vulnerability.

July 14, 2009

IN THIS ADVISORY:

Hot Protections

Microsoft Office Web Components ActiveX Vulnerability
Slowloris DoS Attack
Sun Solaris Vulnerability

Deployment Tip

Blocking Ares Galaxy

Highlighted Protections

Including Patch Tuesday

DEPLOYMENT TIP
Best Practice: Blocking Ares Galaxy
Peer to peer Internet traffic, such as Ares Galaxy, slows critical business applications on corporate networks. It lowers employee productivity as they take time away from their work to download music and videos. This sort of traffic also significantly increases your company’s Internet communication costs and may require you to purchase additional bandwidth.

Protection

Click the IPS tab and choose Protections > By Protocol > Application Intelligence > Peer to Peer.
In the right pane, double-click the Ares protection.
In the Protection Details window, click Edit.
Choose the Action from the drop down list, and apply any Additional Settings.
Install the policy on all modules.

» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

Severity	Vulnerability Description	SmartDefense Protection Issued	Industry Reference	SmartDefense Reference Number
Critical	Microsoft DirectShow Size Validation Remote Code Execution	14-Jul-09	MS09-028 CVE-2009-1539	CPAI-2009-125
Critical	Microsoft DirectShow Pointer Validation Remote Code Execution	14-Jul-09	MS09-028 CVE-2009-1538	CPAI-2009-123
Critical	Microsoft Office Web Components Multiple ActiveX Controls Remote Code Execution	13-Jul-09	973472 CVE-2009-1136	CPAI-2009-121
Critical	HP OpenView Network Node Manager rping Stack Buffer Overflow	14-Jul-09	CVE-2009-1420	CPAI-2009-201
Critical	Adobe Shockwave Player Pointer Memory Overwrite	25-Jun-09	APSB09-07 CVE-2009-1860	CPAI-2009-113
Critical	Apple QuickTime PICT Image paintPoly Parsing Heap Buffer Overflow	13-Jun-09	CVE-2009-0010	CPAI-2009-095
Critical	Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow	09-Jul-09	CVE-2009-1394	CPAI-2009-203
Critical	Sun Solaris sadmind RPC Request Integer Overflow	12-Jun-09	CVE-2008-3869 CVE-2008-3870	CPAI-2009-093
High	Microsoft Publisher Pointer Dereference Remote Code Execution	14-Jul-09	MS09-030 CVE-2009-0566	CPAI-2009-119
High	Microsoft ISA Server 2006 Radius OTP Bypass Vulnerability	14-Jul-09	MS09-031 CVE-2009-1135	CPAI-2009-133
High	Microsoft Video ActiveX Control Stack Buffer Overflow	07-Jul-09	CVE-2008-0015	CPAI-2009-190
High	Mozilla Firefox SSL Tampering via non-200 Responses to Proxy CONNECT Requests	06-Jun-09	CVE-2009-1836	SBP-2009-11
High	Detecting Slowloris: A Denial of Service (DoS) over HTTP	14-Jun-09		SBP-2009-09
High	Adobe Acrobat and Adobe Reader JBIG2 Pattern Dictionary Memory Corruption	17-Jun-09	APSB09-07 CVE-2009-0510 CVE-2009-0511	CPAI-2009-109
High	Adobe Acrobat and Adobe Reader JBIG2 Halftone Region Grid Integer Overflow	17-Jun-09	APSB09-07 CVE-2009-0889 CVE-2009-0512	CPAI-2009-107
High	Adobe Acrobat and Adobe Reader JBIG2 Halftone Region Integer Overflow	17-Jun-09	APSB09-07 CVE-2009-0888	CPAI-2009-105
High	Adobe Acrobat and Adobe Reader JBIG2 Text Region Integer Overflow	17-Jun-09	APSB09-07 CVE-2009-0509	CPAI-2009-103
High	Adobe Acrobat and Adobe Reader JBIG2 Page Information Integer Overflow	17-Jun-09	APSB09-07 CVE-2009-0509	CPAI-2009-101
High	CA ARCserve Backup Message Engine Denial of Service	26-Jun-09	CVE-2009-1761	CPAI-2009-099
High	Novell GroupWise Internet Agent Email Address Processing Buffer Overflow	26-Jun-09	CVE-2009-1636	CPAI-2009-097
High	IBM AIX ToolTalk RPC Server Remote Buffer Overflow	25-Jun-09		CPAI-2009-115

More Updates >

Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.

Know someone who should be getting the Advisories?

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

Achived Check Point Security Advisories

You have received this notification because either you have a User Center account or you have subscribed to the Check Point Security Advisory. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.