Two Remote Code Execution Vulnerabilities Reported in Windows Media Player
Two remote code execution vulnerabilities in Microsoft's Windows Media Player and Windows Media Center have been disclosed; one involves incorrect handling of DVR-MS media files, and the other concerns incorrect path restriction by DirectShow while loading DLLs. A remote attacker may exploit either of these vulnerabilities to take complete control of a vulnerable system. Check Point IPS Software Blade and NGX SmartDefense provide network protection against these vulnerabilities in the latest IPS update by detecting and blocking transferal of malformed DVR-MS files via HTTP, as well as the transferal of suspicious DLL files via CIFS and WebDAV protocols.
Learn More
.
Check Point IPS Provides Immediate Network Protection for Multiple Critical Adobe Vulnerabilities
Adobe has announced a number of critical Adobe Flash, Acrobat, and Reader vulnerabilities, all of which could be exploited by a remote attacker to allow execution of potentially malicious code on a targeted system. The Check Point IPS Software Blade provides network protection against these vulnerabilities in the latest IPS update by detecting and blocking attempts to leverage them.
Learn More
.
Microsoft Groove 2007 Insecure Library Loading Vulnerability
A DLL preloading vulnerability has been reported in the popular Microsoft Groove 2007 collaboration tool that could be leveraged by a remote attacker to execute arbitrary code on a targeted system. Check Point IPS Software Blade and NGX SmartDefense provide network protection against this vulnerability in the latest IPS update by detecting and blocking the transferal of suspicious DLL files via CIFS and WebDAV protocols.
Learn More
.
| In This Advisory | |
| Top Protections | |
| • | Two Remote Code Execution Vulnerabilities Reported in Windows Media Player |
| • | Check Point IPS Provides Immediate Network Protection for Multiple Critical Adobe Vulnerabilities |
| • | Microsoft Groove 2007 Insecure Library Loading Vulnerability |
| Deployment Tip | |
| • | Improve Monitoring and Control with the New Application Control Software Blade |
| Highlighted Protections | |
| • | Including Patch Tuesday |
| Deployment Tip Improve Monitoring and Control with the New Application Control Software Blade New in the recently launched Check Point R75 release is the Application Control Software Blade, which offers granular control for over 100,000 applications and Web 2.0 social widgets. The new blade enables IT administrators to identify, allow, block or limit usage of thousands of applications by user or group. The blade delivers application visibility by leveraging the Check Point AppWiki, the world's largest application library.
The Check Point IPS and Application Control Software Blades use a common, minimum memory footprint, high performance signature engine that does a one pass inspection to detect malware and applications that have been allowed to pass through the Firewall Software Blade. While the IPS Software Blade has application control capabilities that can be used to block instant messaging and peer to peer applications for violating company policy, the Application Control Blade provides the industry's strongest application security and identity control with applications and social widgets from Facebook, LinkedIn and more. Both blades are updated by Check Point's Update Service, which continues to provide excellent threat protection for Microsoft, Adobe, and other vulnerabilities. |
» Highlighted Protections
This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
| Severity | Vulnerability Description | Check Point Protection Issued |
Industry Reference | Check Point Reference Number |
 Critical
|
Microsoft Windows Media Player DVR-MS Files Code Execution | 08-Mar-11 |
MS11-015 CVE-2011-0042 |
CPAI-2011-055 |
|
Critical
|
Microsoft Zero-Day Windows SMB mrxsmb.sys Remote Heap Overflow | 16-Feb-2011 | CVE-2011-0654 | CPAI-2011-018 |
|
Critical
|
Adobe Reader and Acrobat JPEG 2000 Embedded in PDF File Memory Corruption | 08-Mar-2011 |
APSB11-02 CVE-2011-0602 |
CPAI-2011-061 |
|
Critical
|
Adobe Flash Player ActionScript ASnative Function Memory Corruption | 08-Mar-2011 |
APSB11-02 CVE-2011-0559 |
CPAI-2011-058 |
|
Critical
|
Adobe Reader and Acrobat JPEG 2000 Embedded in PDF File Memory Corruption | 08-Mar-2011 |
APSB11-03 CVE-2011-0602 |
CPAI-2011-061 |
|
Critical
|
Adobe Reader and Acrobat External Entity Declaration Cross-Site Scripting | 23-Feb-11 |
APSB11-03 CVE-2011-0604 |
CPAI-2011-0038 |
|
Critical
|
Adobe Reader and Acrobat Crafted ICC Data in PDF File Integer Overflow | 23-Feb-11 |
APSB11-03 CVE-2011-0598 |
CPAI-2011-036 |
|
Critical
|
Adobe Reader and Acrobat Image Texture Malformed IFF File Memory Corruption | 23-Feb-11 |
APSB11-03 CVE-2011-0590 |
CPAI-2011-035 |
|
Critical
|
Adobe Reader and Acrobat Invalid Field Flags Values Memory Corruption | 23-Feb-2011 |
APSB11-03 CVE-2011-0589 |
CPAI-2011-034 |
|
Critical
|
Adobe Reader and Acrobat Crafted URI Action in PDF File Cross-Site Scripting | 23-Feb-2011 |
APSB11-03 CVE-2011-0587 |
CPAI-2011-033 |
|
Critical
|
HP OpenView Performance Insight Server Backdoor Account Code Execution | 01-Mar-11 | CVE-2011-0276 | CPAI-2011-040 |
|
Critical
|
Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow | 01-Mar-11 | CVE-2010-4299 | CPAI-2011-044 |
|
Critical
|
Symantec Alert Management System AMSSendAlertAck Stack Buffer Overflow | 23-Feb-2011 | CVE-2010-0110 | CPAI-2011-024 |
|
High
|
Microsoft Media Player ehtrace.dll Insecure Library Loading | 08-Mar-2011 |
MS11-015 CVE-2011-0032 |
CPAI-2011-054 |
|
High
|
Microsoft Groove 2007 mso.dll Insecure Library Loading | 08-Mar-2011 |
MS11-016 CVE-2010-3146 |
CPAI-2011-051 |
|
High
|
Microsoft Remote Desktop Client Insecure Library Loading | 08-Mar-2011 |
MS11-017 CVE-2011-0029 |
CPAI-2011-052 |
More Updates >
Have questions about IPS? Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted. |
Know someone who should be getting the Advisories? |
| » About the Check Point Update Services Check Point provides ongoing and real-time updates and configuration information through an update service included with the relevant subscriptions. Updates from Check Point's global Research and Response Centers increase the value of your Check Point products, and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. For more information, visit www.CheckPoint.com. |
©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065