A remote code execution vulnerability has been reported in Microsoft Office Web Components ActiveX Controls. Successful exploitation could result in execution of arbitrary code on the affected system. Check Point protects against attacks that use this vulnerability.
An integer overflow vulnerability has been reported in the sadmind service in the Sun Solaris operating system. A remote, unauthenticated attacker can leverage this vulnerability by sending a crafted RPC message to the target host, potentially injecting and executing arbitrary code. Check Point protects against attacks that use this vulnerability.
DEPLOYMENT TIP Best Practice: Blocking Ares Galaxy
Peer to peer Internet traffic, such as Ares Galaxy, slows critical business applications on corporate networks. It lowers employee productivity as they take time away from their work to download music and videos. This sort of traffic also significantly increases your company’s Internet communication costs and may require you to purchase additional bandwidth.
Click the IPS tab and choose Protections > By Protocol > Application Intelligence > Peer to Peer.
In the right pane, double-click the Ares protection.
In the Protection Details window, click Edit.
Choose the Action from the drop down list, and apply any Additional Settings.
Install the policy on all modules.
» Highlighted Protections
This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
Microsoft DirectShow Size Validation Remote Code Execution
Have SmartDefense feature questions? Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
Know someone who should be getting the Advisories?
» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.
You have received this notification because either you have a User Center account or you have subscribed to the Check Point Security Advisory. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.