Check Point Advisories

Security Best Practice: Familiarize Yourself with the Malicious Code Protector

Check Point Reference: SBP-2006-22
Date Published: 16 Jul 2006
Severity: Critical
Last Updated: Sunday 01 January, 2006
Source: SmartDefense Research Center
Protection Provided by:
Who is Vulnerable? Web servers
Web applications
Vulnerability Description Malicious Code Protector is a patent-pending technology from Check Point designed to detect buffer overflow attacks. Malicious Code Protector provides highly accurate and efficient detection of attacks through an analysis of executable code in a Virtual Server environment. Designed to detect even previously unknown attacks, customers gain protection for their applications before vulnerability can be exploited and before an attack can infect the target.
Vulnerability DetailsBuffer overflow attacks target the way host machines handle input data and memory space. When an application is running on a host machine it allocates a certain portion of memory (the buffer) for input data to be placed. The problem arises, because while the buffer used by the application is a fixed size, the application itself may not restrict the amount of data that can be input into the buffer. For example, a programmer may expect data to be less than 26 bytes and will allocate the appropriate amount of memory. However, a user may input 27 bytes of data. The result is the application writes more data than is allocated in the buffer (the overflow) and corrupts the memory.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK