Check Point Security Advisory
»Top Protections

Critical Adobe Flash Player Remote Code Execution Vulnerability
( CVE-2011-0611, APSA11-02 )

A critical vulnerability has been identified in Adobe Flash Player that could cause a crash and potentially allow an attacker to take control of the affected system. It is already being exploited in the wild. Learn More .

Critical Microsoft WINS Service Memory Corruption Vulnerability
MS11-035, CVE-2011-1248 )

A critical remote code execution vulnerability has been discovered in Microsoft Windows Internet Naming Service. A remote attacker can exploit this vulnerability to take complete control over an affected system. Learn More .

Vulnerability Discovered in Microsoft PowerPoint
( MS11-036, CVE-2011-1269 , CVE-2011-1270 )

A remote code execution vulnerability has been identified in Microsoft PowerPoint. A remote attacker could exploit this issue via a malformed PowerPoint file. Successful exploitation may allow execution of arbitrary code on a targeted system. Learn More .

May 10, 2011
In This Advisory
Top Protections
Critical Adobe Flash Player Remote Code Execution Vulnerability
Critical Microsoft WINS Service Memory Corruption Vulnerability
Vulnerability Discovered in Microsoft PowerPoint
Deployment Tip
Check Point security evangelist Tomer Teller talks about the recent Sony PSN Breach
Highlighted Protections
Including Patch Tuesday

Contact Us

IPS Software Blades

Learn About Our Endpoint Security

Update Services - Buy Now

Deployment Tip
Check Point security evangelist Tomer Teller talks about the recent Sony PSN Breach

The largest personal data breach in history happened recently, with approximately one hundred million Sony PlayStation Network and Sony Online Entertainment customers' credentials being stolen. Security Evangelist Tomer Teller makes these comments about the breach:

"We aren't yet sure if credit card numbers were stolen, but we do know that the usernames, emails and billing information were stolen. Even without credit card numbers, attackers now have 100 million email addresses for direct SPAM.

They can now tailor a specific message to each one of these Sony customers based on the information they now have. Unlike a standard spam message, which is usually very generic since the spammer has no clue who the person behind the email is, the attackers can now have all the information they require. The attackers can look that Sony subscriber up using social media sites (Facebook, Twitter, LinkedIn, etc.) and tailor a specific spam message that is based on the user preferences, traits etc. For example, if one of those 100 million users' Facebook page says that he likes cats and classical music, the attacker can craft a seemingly legitimate message that integrates these two pieces of information and create a sense of intimacy that is quite the opposite of a typical spam message.

Compare a standard spam message:

Dear Sir,
The new Viagra really works!

With this crafted spam message:
Dear Mr. Brown,
The new classical music collection is out there… Buy 2 and you get free food
for your cat Pinky! Click here to receive your free coupon.

This message looks less generic and the odds that Mr. Brown clicks on the link are much higher!"


» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

Severity Vulnerability Description Check Point Protection
Issued
Industry Reference Check Point Reference
Number
CriticalCritical Adobe Flash Player Remote Code Execution Vulnerability 21-Apr-2011 CVE-2011-0611 CPAI-2011-232
CriticalCritical Microsoft WINS Service Memory Corruption Vulnerability 10-May-2011 CVE-2011-1248 CPAI-2011-246
CriticalCritical Adobe Shockwave Player Remote Code Execution Vulnerability 27-Apr-2011 CVE-2010-2876 
CVE-2010-4192 
APSB11-01
CPAI-2011-243
CriticalCritical Multiple Products STARTTLS Plaintext Command Injection 05-May-2011 CVE-2011-0411 CPAI-2011-245
CriticalHigh Microsoft PowerPoint Memory Corruption Vulnerability 10-May-2011 CVE-2011-1269 CPAI-2011-247
CriticalHigh Adobe Shockwave Director tSAC chunk invalid seek memory corruption 27-Apr-2011 CVE-2010-2875
APSB10-20
CPAI-2011-241
CriticalHigh Multiple Vendors - Malformed ZIP Archive Anti-virus Detection Bypass 27-Apr-2011 CPAI-2011-235
CriticalHigh Adobe Flash Player ActionScript callMethod Type Confusion Code Execution 21-Apr-2011 CVE-2011-0611 CPAI-2011-232
CriticalHigh Squid WCCP Message Receive Buffer Overflow 21-Apr-2011 CVE-2005-0211 CPAI-2011-237

More Updates >
Have questions about IPS?
IPS ForumParticipate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.
Know someone who should be getting the Advisories?

Subscribe to Security Alerts and Advisories

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information through an update service included with the relevant subscriptions. Updates from Check Point's global Research and Response Centers increase the value of your Check Point products, and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. For more information, visit www.CheckPoint.com.

Archived Check Point Security Advisories
Read Check Point's Privacy Policy
©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065