Abobe Flash Player 0-day Vulnerability
(APSA10-01, CVE-2010-1297)
A critical remote code execution vulnerability that is being exploited in the wild has been reported in Adobe Flash Player 10.0.45.2 and earlier versions. Flash Player is a widely used multimedia and application player used in Windows, Macintosh, Linux and Solaris operating systems. A remote attacker may exploit this vulnerability to take complete control of the affected system. The Check Point IPS Software Blade detects and blocks attempts to exploit this vulnerability. More information.
IPS Research Team Discovers Critical Syslog Format String Vulnerability(CVE-2010-1039)
A critical format string vulnerability in the rpc.pcnfsd service within several systems was discovered by a member of the Check Point IPS Research Team. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. Check Point IPS-1 has provided preemptive protection against this vulnerability since January 2003 and the integrated IPS products SmartDefense and the IPS Software Blade provide immediate protection in the latest IPS update by detecting and blocking malformed RPC requests. More information.
SMB Remote Disk Scanning for Executable Files Protection
Some malware like virus Win32.Pate.A and its variants spread from one infected system to another by sending Server Message Block (SMB) requests for lists of executable files on shared disks. When the files are identified the virus is then capable of modifying the files to infect the target system. Check Point integrated IPS products detect and block aggressive attempts to retrieve the list of executable files on remote SMB drives. More information.
June 8, 2010
| In This Advisory | |
| » Top Protections | |
 |
Abobe Flash Player 0-day Vulnerability |
|
IPS Research Team Discovers Critical Syslog Format String Vulnerability |
|
SMB Remote Disk Scanning for Executable Files Protection |
| » Deployment Tip | |
|
Unify IPS Protection Management |
| » Highlighted Protections | |
|
Including Patch Tuesday |
| Deployment Tip Best Practice: Unify IPS Protection Management Whether you decide to go with the integrated IPS Software Blade, the dedicated IPS-1 product, or desire an extra layer of protection and choose to use both solutions together, R71 Security Management provides unified protection management for both Check Point IPS products. For example consider one of the Critical Microsoft SMB Client Vulnerabilities announced in April. To find the relevant protections:
 |
» Highlighted Protections
This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
| Severity | Vulnerability Description | Check Point Protection Issued |
Industry Reference | Check Point Reference Number |
 Critical |
Adobe Flash Player authplay.dll Component Code Execution | 07-Jun-10 | CVE-2010-1297 | CPAI-2010-206 |
| Critical |
Multiple Vendors rpc.pcnfsd Syslog Format String Vulnerability | 17-May-10 | CVE-2010-1039 | CPAI-2010-082 |
| Critical |
Microsoft Internet Explorer CStyleSheet Uninitialized Memory Corruption | 08-Jun-10 | CVE-2010-1259 MS10-035 CVE-2010-1262 |
CPAI-2010-087 |
| Critical |
Multiple Vendors OPIE Off-by-one Stack Buffer Overflow | 30-Mar-06 | CVE-2010-1938 | CPAI-2010-204 |
| Critical |
Microsoft DirectShow MJPEG Crafted Segments Code Execution | 08-Jun-10 | CVE-2010-1880 MS10-033 |
CPAI-2010-205 |
| Critical |
Multiple Adobe Shockwave Player and Adobe Director Vulnerabilities | 17-May-10 | APSB10-12 | SBP-2010-19 |
| Critical |
OpenSSL TLS Connection Record Handling Denial of Service | 17-May-10 | CVE-2010-0740 | CPAI-2010-080 |
| Critical |
Apple Safari CSS format Argument Handling Memory Corruption | 14-May-10 | CVE-2010-0046 | CPAI-2010-131 |
| High |
SMB Remote Disk Scanning for Executable Files Protection | 26-May-10 | SBP-2010-20 | |
| High |
Virus: Win32.Pate.A | 17-May-10 | CPAI-2010-081 | |
| High |
Microsoft SharePoint XSS Vulnerability | 05-May-10 | CVE-2010-0817 MS Advisory (983438) |
CPAI-2010-074 |
| High |
Microsoft Excel ExternSheet Record String Length Stack Overrun | 08-Jun-10 | CVE-2010-1252 MS10-038 |
CPAI-2010-202 |
| High |
Microsoft Excel OBJ Record Stack Overflow | 08-Jun-10 | CVE-2010-0822 MS10-038 |
CPAI-2010-094 |
| High |
Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities | 15-Mar-05 | CVE-2009-3467 APSB10-11 CVE-2010-1293 |
CPAI-2010-079 |
| High |
Microsoft Windows Canonical Display Driver Denial of Service | 20-May-10 | CVE-2009-3678 MS Advisory (2028859) |
CPAI-2010-083 |
| High |
Trojan.Sasfis | 26-May-10 | CPAI-2010-085 |
More Updates >
Have questions about IPS? Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted. |
Know someone who should be getting the Advisories? |
| » About the Check Point Update Services Check Point provides ongoing and real-time updates and configuration information to its NGX products through SmartDefense subscriptions, and to Check Point Software Blades products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com. |
©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065