» Hot Protections

Microsoft Office Web Components ActiveX Vulnerability
(CVE-2009-1136, 973472)

A remote code execution vulnerability has been reported in Microsoft Office Web Components ActiveX Controls. Successful exploitation could result in execution of arbitrary code on the affected system. Check Point protects against attacks that use this vulnerability.

Slowloris DoS Attack
(SBP-2009-09)

A new Denial of Service tool has been released that attacks Web servers. A successful attack can exhaust a server’s ability to serve connections. Check Point protects against this type of attack.

Sun Solaris Vulnerability
(CVE-2008-3869, CVE-2008-3870)

An integer overflow vulnerability has been reported in the sadmind service in the Sun Solaris operating system. A remote, unauthenticated attacker can leverage this vulnerability by sending a crafted RPC message to the target host, potentially injecting and executing arbitrary code. Check Point protects against attacks that use this vulnerability.
July 14, 2009

IN THIS ADVISORY:
  • Microsoft Office Web Components ActiveX Vulnerability
  • Slowloris DoS Attack
  • Sun Solaris Vulnerability
  • Blocking Ares Galaxy
  • Including Patch Tuesday
DEPLOYMENT TIP
Best Practice: Blocking Ares Galaxy
Peer-to-peer Internet traffic, such as Ares Galaxy, slows critical business applications on corporate networks. It lowers productivity as employees take time away from their work to download music and videos. This sort of traffic also significantly increases your company’s Internet communication costs and may require you to purchase additional bandwidth.

Protection
  1. Click the IPS tab and choose Protections > By Protocol > Application Intelligence > Peer to Peer.
  2. In the right pane, double-click the Ares protection.
  3. In the Protection Details window, click Edit.
  4. Choose the Action from the drop-down list, and apply any Additional Settings.
  5. Install the policy on all modules.
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | SmartDefense Protection Issued | Industry Reference | SmartDefense Reference Number |
|---|---|---|---|---|
| Critical | Microsoft DirectShow Size Validation Remote Code Execution | 14-Jul-09 | MS09-028, CVE-2009-1539 | CPAI-2009-125 |
| Critical | Microsoft DirectShow Pointer Validation Remote Code Execution | 14-Jul-09 | MS09-028, CVE-2009-1538 | CPAI-2009-123 |
| Critical | Microsoft Office Web Components Multiple ActiveX Controls Remote Code Execution | 13-Jul-09 | 973472, CVE-2009-1136 | CPAI-2009-121 |
| Critical | HP OpenView Network Node Manager rping Stack Buffer Overflow | 14-Jul-09 | CVE-2009-1420 | CPAI-2009-201 |
| Critical | Adobe Shockwave Player Pointer Memory Overwrite | 25-Jun-09 | APSB09-07, CVE-2009-1860 | CPAI-2009-113 |
| Critical | Apple QuickTime PICT Image paintPoly Parsing Heap Buffer Overflow | 13-Jun-09 | CVE-2009-0010 | CPAI-2009-095 |
| Critical | Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow | 09-Jul-09 | CVE-2009-1394 | CPAI-2009-203 |
| Critical | Sun Solaris sadmind RPC Request Integer Overflow | 12-Jun-09 | CVE-2008-3869, CVE-2008-3870 | CPAI-2009-093 |
| High | Microsoft Publisher Pointer Dereference Remote Code Execution | 14-Jul-09 | MS09-030, CVE-2009-0566 | CPAI-2009-119 |
| High | Microsoft ISA Server 2006 Radius OTP Bypass Vulnerability | 14-Jul-09 | MS09-031, CVE-2009-1135 | CPAI-2009-133 |
| High | Microsoft Video ActiveX Control Stack Buffer Overflow | 07-Jul-09 | CVE-2008-0015 | CPAI-2009-190 |
| High | Mozilla Firefox SSL Tampering via non-200 Responses to Proxy CONNECT Requests | 06-Jun-09 | CVE-2009-1836 | SBP-2009-11 |
| High | Detecting Slowloris: A Denial of Service (DoS) over HTTP | 14-Jun-09 | | SBP-2009-09 |
| High | Adobe Acrobat and Adobe Reader JBIG2 Pattern Dictionary Memory Corruption | 17-Jun-09 | APSB09-07, CVE-2009-0510, CVE-2009-0511 | CPAI-2009-109 |
| High | Adobe Acrobat and Adobe Reader JBIG2 Halftone Region Grid Integer Overflow | 17-Jun-09 | APSB09-07, CVE-2009-0889, CVE-2009-0512 | CPAI-2009-107 |
| High | Adobe Acrobat and Adobe Reader JBIG2 Halftone Region Integer Overflow | 17-Jun-09 | APSB09-07, CVE-2009-0888 | CPAI-2009-105 |
| High | Adobe Acrobat and Adobe Reader JBIG2 Text Region Integer Overflow | 17-Jun-09 | APSB09-07, CVE-2009-0509 | CPAI-2009-103 |
| High | Adobe Acrobat and Adobe Reader JBIG2 Page Information Integer Overflow | 17-Jun-09 | APSB09-07, CVE-2009-0509 | CPAI-2009-101 |
| High | CA ARCserve Backup Message Engine Denial of Service | 26-Jun-09 | CVE-2009-1761 | CPAI-2009-099 |
| High | Novell GroupWise Internet Agent Email Address Processing Buffer Overflow | 26-Jun-09 | CVE-2009-1636 | CPAI-2009-097 |
| High | IBM AIX ToolTalk RPC Server Remote Buffer Overflow | 25-Jun-09 | | CPAI-2009-115 |




Have SmartDefense feature questions?
SmartDefense User Forum
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065