Check Point Security Advisory
»Top Protections

Microsoft SharePoint XSS Vulnerability
(Microsoft Security Advisory 983438, CVE-2010-0817)

A zero-day Cross-Site Scripting (XSS) vulnerability has been identified in Microsoft SharePoint by Switzerland-based security research lab High Tech Bridge in advisory HTB22350 on April 28th. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code within the SharePoint Site. Check Point provides pre-emptive and immediate protection against exploits that use this vulnerability through its integrated IPS offerings. More information.

Update Services - Buy NowMicrosoft Outlook Express and Windows Mail Vulnerability
(MS10-030, CVE-2010-0816)

A remote code execution vulnerability has been reported in the way that Outlook Express, Windows Mail, and Windows Live Mail handle specially crafted mail responses. An attacker may exploit this issue via a specially crafted POP3 or IMAP response to execute arbitrary code on a vulnerable system. Check Point provides immediate protection against exploits that use this vulnerability through its integrated IPS offerings. More information.

Critical Linux Kernel Vulnerability
(CVE-2010-1173)

A critical buffer overflow vulnerability exists in the Linux Kernel Organization's Linux kernels prior to 2.6.34-rc6. A remote attacker may exploit this vulnerability to cause a DoS against or remote code execution on an affected system. Check Point provides immediate protection against this exploit through its integrated IPS Software Blade products. More information.
May 11, 2010
In This Advisory
» Top Protections
» Microsoft SharePoint XSS Vulnerability
» Microsoft Outlook Express and Windows Mail Vulnerability
» Critical Linux Kernel Vulnerability
» Deployment Tip
» Schedule an IPS Update
» Highlighted Protections
» Including Patch Tuesday

Contact Us

IPS Software Blades

Resources for Messaging Security

SmartDefense Microsoft Security Resources

Deployment Tip
Best Practice: Schedule an IPS Update
Check Point’s global Research and Response Centers provide regular updates to ensure you have the most up-to-date defenses to protect you from the latest exploits, but if the update isn’t installed, you’re not protected. In R71 you can configure a schedule to download and install IPS protections reducing the time that your systems are vulnerable to threats.

To schedule IPS updates:
  1. In the IPS tab, select Download Updates and click Scheduled Update
  2. Select Enable IPS scheduled update
  3. Click Edit Schedule to create a schedule for the updates
    1. In the Scheduled Event Properties window enter the name of the schedule and the time of the update. Choose either;
      • a specific time
      • or a time interval like every 12 hours
  4. Click User Center credentials to enter your User Center credentials
  5. Enable On Successful update perform Install Policy
The resulting schedule is shown in the Scheduled Update window.

Best Practice: Schedule an IPS Update

» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

Severity Vulnerability Description Check Point Protection
Issued
Industry Reference Check Point Reference
Number
CriticalCritical Microsoft Outlook Express and Windows Mail Integer Overflow  11-May-10 MS10-030
CVE-2010-0816
CPAI-2010-076
CriticalCritical Linux Kernel sctp_process_unk_param SCTPChunkInit Buffer Overflow 11-May-10 CVE-2010-1173

CPAI-2010-077
CriticalCritical Microsoft Visual Basic VBE6.DLL Stack Memory Corruption  11-May-10 MS10-031
CVE-2010-0815
CPAI-2010-075
CriticalCritical Adobe Reader CFF Heap-Based Overflow  15-Apr-10 APSB10-09
CVE-2010-1241
CPAI-2010-071
CriticalCritical Adobe Reader Malformed RichMedia Annotation  14-Apr-10 APSB10-09
CVE-2010-0197
CPAI-2010-069
CriticalCritical Adobe Reader Overly Complex U3D Base Mesh Memory Corruption  13-Apr-10 APSB10-09
CVE-2010-0194
CPAI-2010-068
CriticalCritical Adobe Reader TTF Cmap Buffer Overflow  14-Apr-10 APSB10-09
CVE-2010-0195
CPAI-2010-067
CriticalCritical IBM Informix Dynamic Server librpc.dll Multiple Buffer Overflows 26-Jun-02 CVE-2009-2753

CPAI-2010-122
CriticalCritical Novell iPrint Client ienipp.ocx target-frame Stack Buffer Overflow 23-Apr-10 CVE-2009-1568

CPAI-2010-127
CriticalCritical Multiple Vendors librpc.dll Stack Buffer Overflow 23-Apr-10 CVE-2009-2754

CPAI-2010-121
CriticalHigh Microsoft SharePoint Server 2007 Cross-Site Scripting (XSS)  29-Apr-10 CVE-2010-0817 CPAI-2010-074
CriticalHigh GhostScript PostScript Parser Stack Overflow 11-May-10 CVE-2010-1869 CPAI-2010-078

More Updates >
Have questions about IPS?
IPS ForumParticipate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.
Know someone who should be getting the Advisories?

Subscribe to Security Alerts and Advisories

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its NGX products through SmartDefense subscriptions, and to Check Point Software Blades products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

Archived Check Point Security Advisories
Read Check Point's Privacy Policy
©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065