Check Point Security Advisory
»Top Protections

Zero-Day Internet Explorer Table Handling Memory Corruption Vulnerability
( Microsoft Security Advisory 2458511, CVE-2010-3962 )

Summary:
A memory corruption vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands.
Protection: Check Point IPS Software Blade and NGX SmartDefense provide network protection in the latest IPS update by detecting and blocking attempts to exploit this issue. Learn More .

Check Point IPS Research Team Discovers Four Adobe Shockwave Player Vulnerabilities
( APSB10-25, CVE-2010-4086, CVE-2010-4087, CVE-2010-4088, CVE-2010-4089 )

Summary: Adobe has released a security advisory that details several critical vulnerabilities in Shockwave Player, four of which were discovered by the Check Point IPS Research Team.  A remote attacker can exploit these issues via specially crafted DIR files and potentially take complete control of an affected system.
Protection: Check Point R70/71 IPS Software Blade provides immediate protection of unpatched systems by detecting malformed Adobe DIR files and blocking their transfer over HTTP. Learn More .

Remote Code Exploit Leverages Legacy PowerPoint Files
MS10-088, CVE-2010-2572 )

Summary: A remote code execution vulnerability has been identified in Microsoft PowerPoint. An attacker could exploit this issue by convincing a user to open a malformed PowerPoint file. Successful exploitation of this vulnerability may allow execution of arbitrary code on the targeted system.
Protection: Check Point IPS Software Blade and NGX SmartDefense provide network protection in the latest IPS update by detecting and blocking the transferal of legacy PowerPoint files over HTTP. Learn More .

November 9, 2010
In This Advisory
» Top Protections
» Zero-Day Internet Explorer Table Handling Memory Corruption Vulnerability
» Check Point IPS Research Team Discovers Four Adobe Shockwave Player Vulnerabilities
» Remote Code Exploit Leverages Legacy PowerPoint Files
» Deployment Tip
» Use Timeline View to Assess and Respond
» Highlighted Protections
» Including Patch Tuesday

Contact Us

IPS Software Blades

Update Services - Buy Now

Resources for Messaging Security

SmartDefense Microsoft Security Resources

Deployment Tip
Best Practice: Use Timeline View to Assess and Respond
SmartEvent provides several real-time views to help you quickly understand and act on security events. In the Timeline View, events are consolidated and displayed by event count, severity, and frequency over the event period. The frequency of events is displayed in "time wheels" along each timeline.

TimeLineView

Each time wheel shows the severity of events by color, and the number of events by the thickness of the wheel.

TimeWheels

Timelines are queries that present important recent events such as IPS and DLP. Each timeline displays up to one million events for a particular query over the specified Time Frame. Colors in each time wheel represent the severity of the events.

Timelines view allows you to

  • Modify the predefined queries or add new ones of your own
  • Choose a Time Frame for which events are displayed in the Timeline View
  • Modify the Time Resolution of the Time Wheels to the show frequency of the events

» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

Severity Vulnerability Description Check Point Protection
Issued
Industry Reference Check Point Reference
Number
CriticalCritical Adobe Flash Player Flash Content Parsing Code Execution 01-Nov-10 APSA10-05
APSB10-26
CVE-2010-3654
 
CPAI-2010-304

 

CriticalCritical Adobe Shockwave Director rcsL Chunk Remote Code Execution 27-Oct-10
APSB10-04
CVE-2010-3653
CPAI-2010-299
CriticalCritical Adobe Reader and Acrobat Image Parsing Input Validation Code Execution 21-Oct-10
APSB10-21
CVE-2010-3620
CPAI-2010-296
CriticalHigh Microsoft Internet Explorer Table Handling Memory Corruption Vulnerability 07-Nov-10
Microsoft Security Advisory (2458511)
CVE-2010-3962
CPAI-2010-310
CriticalHigh Blocking Legacy PowerPoint Files 09-Nov-10
MS10-088
CVE-2010-2572
SBP-2010-30
CriticalHigh Microsoft PowerPoint DLL Planting Code Execution 09-Nov-10
MS10-087
CVE-2010-3337
CPAI-2010-311
CriticalHigh Microsoft Office RTF Stack Buffer Overflow 09-Nov-10
MS10-087
CVE-2010-3333
CPAI-2010-309
CriticalHigh Microsoft Office Excel Drawing Exception Handling Code Execution 09-Nov-10
MS10-087
CVE-2010-3335
CPAI-2010-307
CriticalHigh Microsoft Office PowerPoint Integer Underflow Heap Corruption 09-Nov-10
MS10-088
CVE-2010-2573
CPAI-2010-305
CriticalHigh Microsoft Internet Explorer Table Handling Memory Corruption 09-Nov-10
2458511
CVE-2010-3962
CPAI-2010-310
CriticalHigh Adobe Shockwave Player Duplicate LSCM Records Memory Corruption 28-Oct-10
APSB10-25
CVE-2010-4089
CPAI-2010-303
CriticalHigh Adobe Shockwave Player Duplicate Keys Memory Corruption 28-Oct-10
APSB10-25
CVE-2010-4088
CPAI-2010-302
CriticalHigh Adobe Shockwave Player CSWV Record Length Memory Corruption 28-Oct-10
APSB10-25
CVE-2010-4087
CPAI-2010-301
CriticalHigh Adobe Shockwave Player MMAP Entry Size Memory Corruption 28-Oct-10
APSB10-25
CVE-2010-4086
CPAI-2010-300
CriticalHigh Adobe Reader ACE.dll ICC Stream mluc Structure Integer Overflow 27-Oct-10
APSB10-21
CVE-2010-3622
CPAI-2010-298
CriticalHigh Oracle Java Internet Explorer Browser Stack Buffer Overflow 21-Oct-10  
CVE-2010-3552

 

 
CPAI-2010-297

 


More Updates >
Have questions about IPS?
IPS ForumParticipate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.
Know someone who should be getting the Advisories?

Subscribe to Security Alerts and Advisories

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its NGX products through SmartDefense subscriptions, and to Check Point Software Blades products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point's global Research and Response Centers. For more information, visit www.CheckPoint.com.

Archived Check Point Security Advisories
Read Check Point's Privacy Policy
©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065