Check Point Security Advisory
» Top Protections

Two Remote Code Execution Vulnerabilities Reported in Windows Media Player
Two remote code execution vulnerabilities in Microsoft's Windows Media Player and Windows Media Center have been disclosed; one involves incorrect handling of DVR-MS media files, and the other concerns incorrect path restriction by DirectShow while loading DLLs. A remote attacker may exploit either of these vulnerabilities to take complete control of a vulnerable system. Check Point IPS Software Blade and NGX SmartDefense provide network protection against these vulnerabilities in the latest IPS update by detecting and blocking transferal of malformed DVR-MS files via HTTP, as well as the transferal of suspicious DLL files via CIFS and WebDAV protocols.

Check Point IPS Provides Immediate Network Protection for Multiple Critical Adobe Vulnerabilities
Adobe has announced a number of critical Adobe Flash, Acrobat, and Reader vulnerabilities, all of which could be exploited by a remote attacker to allow execution of potentially malicious code on a targeted system. The Check Point IPS Software Blade provides network protection against these vulnerabilities in the latest IPS update by detecting and blocking attempts to leverage them.

Microsoft Groove 2007 Insecure Library Loading Vulnerability
A DLL preloading vulnerability has been reported in the popular Microsoft Groove 2007 collaboration tool that could be leveraged by a remote attacker to execute arbitrary code on a targeted system. Check Point IPS Software Blade and NGX SmartDefense provide network protection against this vulnerability in the latest IPS update by detecting and blocking the transferal of suspicious DLL files via CIFS and WebDAV protocols.

March 8, 2011

Deployment Tip
Improve Monitoring and Control with the New Application Control Software Blade
New in the recently launched Check Point R75 release is the Application Control Software Blade, which offers granular control for over 100,000 applications and Web 2.0 social widgets. The new blade enables IT administrators to identify, allow, block or limit usage of thousands of applications by user or group. The blade delivers application visibility by leveraging the Check Point AppWiki, the world's largest application library.

The Check Point IPS and Application Control Software Blades use a common, minimum-memory-footprint, high-performance signature engine that performs one-pass inspection to detect malware and applications that have been allowed to pass through the Firewall Software Blade. While the IPS Software Blade has application control capabilities that can be used to block instant messaging and peer-to-peer applications for violating company policy, the Application Control Blade provides the industry's strongest application security and identity control with applications and social widgets from Facebook, LinkedIn and more. Both blades are updated by Check Point's Update Service, which continues to provide excellent threat protection for Microsoft, Adobe, and other vulnerabilities.


» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|
| Critical | Microsoft Windows Media Player DVR-MS Files Code Execution | 08-Mar-11 | MS11-015, CVE-2011-0042 | CPAI-2011-055 |
| Critical | Microsoft Zero-Day Windows SMB mrxsmb.sys Remote Heap Overflow | 16-Feb-2011 | CVE-2011-0654 | CPAI-2011-018 |
| Critical | Adobe Reader and Acrobat JPEG 2000 Embedded in PDF File Memory Corruption | 08-Mar-2011 | APSB11-02, CVE-2011-0602 | CPAI-2011-061 |
| Critical | Adobe Flash Player ActionScript ASnative Function Memory Corruption | 08-Mar-2011 | APSB11-02, CVE-2011-0559 | CPAI-2011-058 |
| Critical | Adobe Reader and Acrobat JPEG 2000 Embedded in PDF File Memory Corruption | 08-Mar-2011 | APSB11-03, CVE-2011-0602 | CPAI-2011-061 |
| Critical | Adobe Reader and Acrobat External Entity Declaration Cross-Site Scripting | 23-Feb-11 | APSB11-03, CVE-2011-0604 | CPAI-2011-0038 |
| Critical | Adobe Reader and Acrobat Crafted ICC Data in PDF File Integer Overflow | 23-Feb-11 | APSB11-03, CVE-2011-0598 | CPAI-2011-036 |
| Critical | Adobe Reader and Acrobat Image Texture Malformed IFF File Memory Corruption | 23-Feb-11 | APSB11-03, CVE-2011-0590 | CPAI-2011-035 |
| Critical | Adobe Reader and Acrobat Invalid Field Flags Values Memory Corruption | 23-Feb-2011 | APSB11-03, CVE-2011-0589 | CPAI-2011-034 |
| Critical | Adobe Reader and Acrobat Crafted URI Action in PDF File Cross-Site Scripting | 23-Feb-2011 | APSB11-03, CVE-2011-0587 | CPAI-2011-033 |
| Critical | HP OpenView Performance Insight Server Backdoor Account Code Execution | 01-Mar-11 | CVE-2011-0276 | CPAI-2011-040 |
| Critical | Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow | 01-Mar-11 | CVE-2010-4299 | CPAI-2011-044 |
| Critical | Symantec Alert Management System AMSSendAlertAck Stack Buffer Overflow | 23-Feb-2011 | CVE-2010-0110 | CPAI-2011-024 |
| Critical High | Microsoft Media Player ehtrace.dll Insecure Library Loading | 08-Mar-2011 | MS11-015, CVE-2011-0032 | CPAI-2011-054 |
| Critical High | Microsoft Groove 2007 mso.dll Insecure Library Loading | 08-Mar-2011 | MS11-016, CVE-2010-3146 | CPAI-2011-051 |
| Critical High | Microsoft Remote Desktop Client Insecure Library Loading | 08-Mar-2011 | MS11-017, CVE-2011-0029 | CPAI-2011-052 |

Have questions about IPS?
Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.
» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information through an update service included with the relevant subscriptions. Updates from Check Point's global Research and Response Centers increase the value of your Check Point products, and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. For more information, visit www.CheckPoint.com.

©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065