Check Point Advisories

Security Best Practice: SmartDefense Content Protection Defenses

Check Point Reference: SBP-2006-13
Date Published: 4 Dec 2006
Severity: Critical
Last Updated: 8 May 2007
Source: Microsoft Security Bulletin MS04-028
Microsoft Security Bulletin MS05-002
Microsoft Security Bulletin MS06-002
Microsoft Security Bulletin MS06-004
Microsoft Security Bulletin MS06-022
Industry Reference:CVE-2005-1219
CVE-2006-0006
CVE-2006-0010
CVE-2006-0025
CVE-2006-2378
CVE-2006-3431
Protection Provided by:
Who is Vulnerable? Microsoft Windows operating systems
Vulnerability Description The Content Protection defenses allow users of VPN-1 NGX R62, R61 and R60 to block malicious content over multiple protocols. The protection includes well known file types such as popular image files and Microsoft Office files that are prone to denial of service and remote code execution vulnerabilities.

The Content Protection defenses have been updated, enhanced and improved. It is advised to update your VPN-1 product to the latest SmartDefense update in order for the changes to take effect.
Vulnerability DetailsThe following protections are available through the Content Protection defense:

1. Malformed ANI file - ANI is a Windows Animated cursor file format. Specially crafted ANI files may be used to create a denial of service condition and in some cases, arbitrary code execution.

2. Malformed GIF - GIF is a very popular image file format. Specially crafted GIF files may be used to create a denial of service condition and in some cases, arbitrary code execution when parsed by Mozilla or FireFox browsers.
 
3. Malformed JPEG - JPEG is a very popular image file format. Specially crafted JPEG files may be used to create a denial of service condition and in some cases, arbitrary code execution.

4. Block Office files - Several vulnerabilities exist in the way Microsoft Office handle certain features. With a carefully crafted Microsoft Office file (Word, Excel, Power Point), an attacker can execute remote code on an affected system. For more information regarding this protection go to SBP-2006-06.

5. Malformed BMP file - BMP is a very popular image file format. A vulnerability in the way Microsoft Windows Media Player handles Bitmap images could allow remote code execution.

6. Block EOT files - A vulnerability in Embedded Web Fonts Could Allow Remote Code Execution.

7. Malformed TIFF - TIFF is a very popular image file format. Specially crafted TIFF files may be used to create arbitrary code execution. 

8. Malformed AVI - Audio Video Interleave (AVI) is a popular video file format. Specially crafted AVI files may be used to create a denial of service condition and in some cases, arbitrary code execution.

9. Malformed PNG - Portable Network Graphics (PNG) is a popular image file format.  Specially craf

Protection Overview

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO