Check Point Security Advisory
» Top Protections

Adobe Flash Player 0-day Vulnerability
(APSA10-01, CVE-2010-1297)

A critical remote code execution vulnerability that is being exploited in the wild has been reported in Adobe Flash Player 10.0.45.2 and earlier versions. Flash Player is a widely used multimedia and application player for the Windows, Macintosh, Linux and Solaris operating systems. A remote attacker may exploit this vulnerability to take complete control of the affected system. The Check Point IPS Software Blade detects and blocks attempts to exploit this vulnerability.

IPS Research Team Discovers Critical Syslog Format String Vulnerability
(CVE-2010-1039)

A member of the Check Point IPS Research Team discovered a critical format string vulnerability in the rpc.pcnfsd service within several systems. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, potentially injecting and executing arbitrary code. Check Point IPS-1 has provided preemptive protection against this vulnerability since January 2003, and the integrated IPS products, SmartDefense and the IPS Software Blade, provide immediate protection in the latest IPS update by detecting and blocking malformed RPC requests.

SMB Remote Disk Scanning for Executable Files Protection

Some malware, such as the Win32.Pate.A virus and its variants, spreads from one infected system to another by sending Server Message Block (SMB) requests for lists of executable files on shared disks. Once the files are identified, the virus can modify them to infect the target system. Check Point integrated IPS products detect and block aggressive attempts to retrieve the list of executable files on remote SMB drives.
June 8, 2010

Deployment Tip
Best Practice: Unify IPS Protection Management
Whether you choose the integrated IPS Software Blade, the dedicated IPS-1 product, or both solutions together for an extra layer of protection, R71 Security Management provides unified protection management for both Check Point IPS products. For example, consider one of the Critical Microsoft SMB Client Vulnerabilities announced in April.

To find the relevant protections:
  1. In the IPS tab, select the Protections branch in the left menu.
  2. In the Look for field, enter CVE-2010-0476. The relevant protections for IPS Blade and IPS-1 appear in the Protections list.

» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|
| Critical | Adobe Flash Player authplay.dll Component Code Execution | 07-Jun-10 | CVE-2010-1297 | CPAI-2010-206 |
| Critical | Multiple Vendors rpc.pcnfsd Syslog Format String Vulnerability | 17-May-10 | CVE-2010-1039 | CPAI-2010-082 |
| Critical | Microsoft Internet Explorer CStyleSheet Uninitialized Memory Corruption | 08-Jun-10 | CVE-2010-1259, MS10-035, CVE-2010-1262 | CPAI-2010-087 |
| Critical | Multiple Vendors OPIE Off-by-one Stack Buffer Overflow | 30-Mar-06 | CVE-2010-1938 | CPAI-2010-204 |
| Critical | Microsoft DirectShow MJPEG Crafted Segments Code Execution | 08-Jun-10 | CVE-2010-1880, MS10-033 | CPAI-2010-205 |
| Critical | Multiple Adobe Shockwave Player and Adobe Director Vulnerabilities | 17-May-10 | APSB10-12 | SBP-2010-19 |
| Critical | OpenSSL TLS Connection Record Handling Denial of Service | 17-May-10 | CVE-2010-0740 | CPAI-2010-080 |
| Critical | Apple Safari CSS format Argument Handling Memory Corruption | 14-May-10 | CVE-2010-0046 | CPAI-2010-131 |
| High | SMB Remote Disk Scanning for Executable Files Protection | 26-May-10 | | SBP-2010-20 |
| High | Virus: Win32.Pate.A | 17-May-10 | | CPAI-2010-081 |
| High | Microsoft SharePoint XSS Vulnerability | 05-May-10 | CVE-2010-0817, MS Advisory (983438) | CPAI-2010-074 |
| High | Microsoft Excel ExternSheet Record String Length Stack Overrun | 08-Jun-10 | CVE-2010-1252, MS10-038 | CPAI-2010-202 |
| High | Microsoft Excel OBJ Record Stack Overflow | 08-Jun-10 | CVE-2010-0822, MS10-038 | CPAI-2010-094 |
| High | Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities | 15-Mar-05 | CVE-2009-3467, APSB10-11, CVE-2010-1293 | CPAI-2010-079 |
| High | Microsoft Windows Canonical Display Driver Denial of Service | 20-May-10 | CVE-2009-3678, MS Advisory (2028859) | CPAI-2010-083 |
| High | Trojan.Sasfis | 26-May-10 | | CPAI-2010-085 |

Have questions about IPS?
Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its NGX products through SmartDefense subscriptions, and to Check Point Software Blades products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065