Check Point Security Advisory
»Top Protections

Critical Remote Code Execution Vulnerability in Adobe Flash Player
Adobe Security Bulletin APSB12-22, CVE-2012-5268 ) A vulnerability that could allow a remote attacker to take control of a targeted system has been discovered in Flash Player. The Check Point IPS Software Blade provides network-level protection for unpatched systems. Learn More .

Critical Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
(Microsoft Security Bulletin MS13-002, CVE-2013-0007 ) A remote code execution vulnerability in the XML Core Services in Windows could allow a remote attacker to execute malicious code on a targeted system. The Check Point IPS Software Blade protects systems at the network level against this issue. Learn More .

SSL/TLS Security Feature Bypass Vulnerability Reported in Microsoft Windows
( Microsoft Security Bulletin MS13-006, CVE-2013-0013 ) A vulnerability in the way Windows handles SSL/TLS session version negotiation could allow an attacker to downgrade an SSL/TLS connection to SSL version 2, which supports weak encryption cyphers. The Check Point IPS Software Blade protects systems against this issue at the network level by blocking attempts to exploit it. Learn More .

January 09, 2013
In This Advisory
Top Protections
Critical Remote Code Execution Vulnerability in Adobe Flash Player
Critical Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
SSL/TLS Security Feature Bypass Vulnerability Reported in Microsoft Windows
Highlighted Protections
Including Patch Tuesday

Contact Us

IPS Software Blades

Learn About Our Endpoint Security

SmartDefense Microsoft Security Resources

» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

Severity Vulnerability Description Check Point Protection
Issued
Industry Reference Check Point Reference
Number
CriticalCritical Internet Explorer Heap Spray Memory Corruption 30-Dec-2012 CVE-2012-4792 CPAI-2012-1336
CriticalCritical Sophos Anti-Virus PDF Handling Stack Buffer Overflow 30-Dec-2012 CPAI-2012-830
CriticalCritical Adobe Flash Player JPEG Parsing Buffer Overflow 30-Dec-2012 CVE-2012-5267 CPAI-2012-1314
CriticalCritical Adobe Flash Player SWF Traits Structure Remote Code Execution 30-Dec-2012 CVE-2012-5678 CPAI-2012-1302
CriticalCritical Adobe Flash Player PCM File Integer Overflow 30-Dec-2012 CVE-2012-5677 CPAI-2012-1301
CriticalCritical Adobe Flash Player and AIR SWF File Buffer Overflow 30-Dec-2012 CVE-2012-5676 CPAI-2012-1300
CriticalCritical Adobe Flash Player and AIR Malformed Tag Buffer Overflow 30-Dec-2012 CVE-2012-5266 CPAI-2012-1288
CriticalCritical Adobe Flash Player Out of Bound Memory Corruption 30-Dec-2012 CVE-2012-5269 CPAI-2012-1253
CriticalCritical Adobe Flash Player Type Confusion Remote Code Execution 30-Dec-2012 CVE-2012-5270 CPAI-2012-1136
CriticalCritical Adobe Flash Player and AIR Security Bypass 30-Dec-2012 CVE-2012-5278 CPAI-2012-1135
CriticalCritical Adobe Flash Player Plugin Use-After-Free Code Execution 30-Dec-2012 CVE-2012-5272 CPAI-2012-1134
CriticalHigh Microsoft System Center Operations Manager Cross-Site Scripting 08-Jan-2013 CVE-2013-0009 CPAI-2012-1340
CriticalHigh Microsoft SCOM Web Console Cross-Site Scripting 08-Jan-2013 CVE-2013-0010 CPAI-2012-1347

More Updates >
Have questions about IPS?
IPS ForumParticipate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.
Know someone who should be getting the Advisories?

Subscribe to Security Alerts and Advisories

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information through an update service included with the relevant subscriptions. Updates from Check Point's global Research and Response Centers increase the value of your Check Point products, and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. For more information, visit www.CheckPoint.com.
Read Check Point's Privacy Policy
©2003-2014 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.
959 Skyway Rd, Suite 300, San Carlos, CA 94070