Check Point Security Advisory
» Top Protections

Microsoft Outlook Web Access Vulnerability
(Microsoft Security Advisory 2401593, CVE-2010-3213)

Summary: An elevation of privilege vulnerability has been reported in Microsoft Outlook Web Access. Successful exploitation of this issue could allow an attacker to log in to the OWA session, leading to elevation of privilege.
Protection: Check Point IPS Software Blade provides immediate network protection in the latest IPS Update by detecting and blocking attempts to exploit this vulnerability.

Microsoft Internet Information Services MS10-065 Vulnerabilities
(MS10-065, CVE-2010-2730, CVE-2010-1899, CVE-2010-2731)

Summary: Three vulnerabilities in Microsoft Internet Information Services have been reported:

  1. A header buffer overflow issue
  2. A Denial of Service (DoS) issue, and
  3. A user authentication bypass issue

Protection: Check Point IPS Software Blade and NGX SmartDefense products have provided preemptive protection since 2004 for the CVE-2010-2730 vulnerability by detecting and blocking HTTP requests that attempt to exploit this type of flaw. Check Point IPS Software Blade, IPS-1 and NGX SmartDefense provide protection against the remaining two vulnerabilities in the latest IPS update by detecting and blocking requests and URLs that attempt to exploit these vulnerabilities.

Adobe Zero-Day Vulnerability in Reader and Acrobat
(Adobe Security Advisory APSA10-02, CVE-2010-2883)

Summary: Adobe has released a zero-day advisory that addresses a critical vulnerability in the cooltype.dll component used by the Reader and Acrobat products. The flaw, which is already being exploited, allows attackers to execute malicious code on an affected machine via a specially crafted PDF file.
Protection: Check Point IPS Software Blade and NGX SmartDefense provide immediate protection of unpatched systems in the latest IPS update by detecting and blocking the transferal of malicious PDF files over HTTP.

September 14, 2010
Deployment Tip
Best Practice:  Viewing Protection Details From SmartView Tracker’s Log View
SmartView Tracker allows you to monitor IPS events so that you can tune your IPS configuration for optimal security and connectivity.  Right-clicking on any SmartView Tracker log entry will provide you with several options, including Open Protection. Selecting this option will open a details page that contains information about the protection that triggered the IPS event.

To view the details about a protection:

  1. Right-click a log entry.
  2. Select Open Protection.

The details page will appear, similar to this example:

[Figure: Viewing Protection Details From SmartView Tracker’s Log View]

» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|
| Critical | Microsoft Outlook Web Access Crafted POST Request Elevation of Privilege | 14-Sep-10 | CVE-2010-3213, Microsoft Security Advisory (2401593) | CPAI-2010-268 |
| Critical | Microsoft Print Spooler Service Impersonation Code Execution | 14-Sep-10 | CVE-2010-2729, MS10-061 | CPAI-2010-264 |
| Critical | Adobe Reader and Acrobat TTF SING Table Buffer Overflow | 12-Sep-10 | CVE-2010-2883, APSA10-02 | CPAI-2010-267 |
| Critical | Microsoft Windows Media Player MPEG-4 Codec Code Execution | 14-Sep-10 | CVE-2010-0818, MS10-062 | CPAI-2010-266 |
| Critical | Microsoft Outlook RTF E-mail Parsing Heap Based Buffer Overflow | 14-Sep-10 | CVE-2010-2728, MS10-064 | CPAI-2010-265 |
| Critical | Blocking Embedded Base-64 Encoded TTF Files | 14-Sep-10 | CVE-2010-2738, MS10-063 | SBP-2010-25 |
| Critical | Adobe Reader and Acrobat cooltype.dll Remote Code Execution | 19-Aug-10 | CVE-2010-2862, APSB10-17 | CPAI-2010-247 |
| Critical | Adobe Shockwave Player rcsL Chunk Pointer Offset Heap Overflow | 25-Aug-10 | CVE-2010-2867, APSB10-20 | CPAI-2010-244 |
| High | Microsoft IIS Request Header Buffer Overflow | 10-Jul-04 | CVE-2010-2730, MS10-065 | CPAI-2010-261 |
| High | Microsoft IIS Directory Authentication Bypass | 14-Sep-10 | CVE-2010-2731, MS10-065 | CPAI-2010-262 |
| High | Microsoft IIS Repeated Parameter Request Denial of Service | 14-Sep-10 | CVE-2010-1899, MS10-065 | CPAI-2010-260 |
| High | Microsoft Windows LSASS Malformed LDAP Messages Heap Overflow | 14-Sep-10 | CVE-2010-0820, MS10-053 | CPAI-2010-230 |
| High | Adobe Shockwave Player DIRAPI.dll Denial of Service | 25-Aug-10 | CVE-2010-2865, APSB10-20 | CPAI-2010-245 |
| High | Adobe Shockwave Player rcsL Chunk Symbol Access Violations | 25-Aug-10 | CVE-2010-2882, APSB10-20 | CPAI-2010-254 |
| High | Adobe Shockwave Player MCsL Parsing Memory Corruption Vulnerabilities | 25-Aug-10 | CVE-2010-2864, APSB10-20, CVE-2010-2881 | CPAI-2010-253 |
| High | Adobe Shockwave Player MMAP Size Memory Corruption | 25-Aug-10 | CVE-2010-2870, APSB10-20 | CPAI-2010-250 |
| High | Adobe Shockwave Player MMAP Index Memory Corruption | 25-Aug-10 | CVE-2010-2880, APSB10-20 | CPAI-2010-249 |
| High | Suspicious Characters in FTP User Names | 18-Aug-10 | CVE-2010-0542 | SBP-2010-24 |
| High | Apple Mac OS X CoreGraphics Heap Overflow | 29-Aug-10 | CVE-2010-1801 | CPAI-2010-255 |

Have questions about IPS?
Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its NGX products through SmartDefense subscriptions, and to Check Point Software Blades products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065