» Top Protections

Adobe Flash Player 0-day Vulnerability
(APSA10-01, CVE-2010-1297)

A critical remote code execution vulnerability that is being exploited in the wild has been reported in Adobe Flash Player and earlier versions. Flash Player is a widely used multimedia and application player used in Windows, Macintosh, Linux and Solaris operating systems. A remote attacker may exploit this vulnerability to take complete control of the affected system. The Check Point IPS Software Blade detects and blocks attempts to exploit this vulnerability.

IPS Research Team Discovers Critical Syslog Format String Vulnerability

A critical format string vulnerability in the rpc.pcnfsd service within several systems was discovered by a member of the Check Point IPS Research Team. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. Check Point IPS-1 has provided preemptive protection against this vulnerability since January 2003 and the integrated IPS products SmartDefense and the IPS Software Blade provide immediate protection in the latest IPS update by detecting and blocking malformed RPC requests.

SMB Remote Disk Scanning for Executable Files Protection

Some malware, such as the virus Win32.Pate.A and its variants, spreads from one infected system to another by sending Server Message Block (SMB) requests for lists of executable files on shared disks. Once the files are identified, the virus can modify them to infect the target system. Check Point integrated IPS products detect and block aggressive attempts to retrieve the list of executable files on remote SMB drives.
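
A rate-based check of the kind this paragraph describes, as an added example (it is not Check Point's detection logic and not code from this advisory): it counts wildcard searches for executable files per client inside a short window, so a burst is flagged while occasional searches are not. The log format, the extension list, the threshold and the window are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real traffic): time, client, command, search pattern.
SAMPLE_LOG = r"""
2010-05-26T10:00:00 10.0.0.77 FIND_FIRST2 \\FS01\tools\*.exe
2010-05-26T10:00:01 10.0.0.23 FIND_FIRST2 \\FS01\public\*.exe
2010-05-26T10:00:02 10.0.0.23 FIND_FIRST2 \\FS01\public\apps\*.exe
2010-05-26T10:00:02 10.0.0.41 FIND_FIRST2 \\FS01\docs\*.doc
2010-05-26T10:00:02 10.0.0.23 FIND_FIRST2 \\FS02\install\*.exe
2010-05-26T10:00:03 10.0.0.23 FIND_FIRST2 \\FS02\install\bin\*.scr
2010-05-26T10:00:09 10.0.0.41 FIND_FIRST2 \\FS01\tools\*.exe
2010-05-26T10:05:00 10.0.0.77 FIND_FIRST2 \\FS01\tools\*.exe
2010-05-26T10:10:00 10.0.0.77 FIND_FIRST2 \\FS01\tools\*.exe
2010-05-26T10:15:00 10.0.0.77 FIND_FIRST2 \\FS01\tools\*.exe
"""

# Assumption: a wildcard search ending in one of these extensions counts as
# "listing executable files"; the advisory does not name the extensions.
EXEC_WILDCARD = re.compile(r"\*\.(exe|scr|com)$", re.IGNORECASE)

def find_scanners(log_text, threshold=4, window_seconds=10):
    """Return {client: ISO time of the search that crossed the threshold}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # client -> times of recent executable searches
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, command, pattern = line.split(None, 3)
        if command != "FIND_FIRST2" or not EXEC_WILDCARD.search(pattern):
            continue
        now = datetime.fromisoformat(ts)
        times = recent[client]
        times.append(now)
        while now - times[0] > window:   # drop searches older than the window
            times.popleft()
        if len(times) >= threshold and client not in flagged:
            flagged[client] = now.isoformat()
    return flagged

if __name__ == "__main__":
    for client, when in find_scanners(SAMPLE_LOG).items():
        print(f"{client} crossed the threshold at {when}")
```

With the defaults only 10.0.0.23 is flagged: 10.0.0.77 issues the same number of searches, but spread over fifteen minutes.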
June 8, 2010

Deployment Tip
Best Practice: Unify IPS Protection Management
Whether you decide to go with the integrated IPS Software Blade, the dedicated IPS-1 product, or desire an extra layer of protection and choose to use both solutions together, R71 Security Management provides unified protection management for both Check Point IPS products. For example, consider one of the Critical Microsoft SMB Client Vulnerabilities announced in April.

To find the relevant protections:
  1. In the IPS tab, select the Protections branch in the left menu.
  2. In Look for, enter CVE-2010-0476. The relevant protections for IPS Blade and IPS-1 appear in the Protections list.

» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection (date) | Industry Reference | Check Point Reference |
|---|---|---|---|---|
| Critical | Adobe Flash Player authplay.dll Component Code Execution | 07-Jun-10 | CVE-2010-1297 | CPAI-2010-206 |
| Critical | Multiple Vendors rpc.pcnfsd Syslog Format String Vulnerability | 17-May-10 | CVE-2010-1039 | CPAI-2010-082 |
| Critical | Microsoft Internet Explorer CStyleSheet Uninitialized Memory Corruption | 08-Jun-10 | CVE-2010-1259, CVE-2010-1262 | CPAI-2010-087 |
| Critical | Multiple Vendors OPIE Off-by-one Stack Buffer Overflow | 30-Mar-06 | CVE-2010-1938 | CPAI-2010-204 |
| Critical | Microsoft DirectShow MJPEG Crafted Segments Code Execution | 08-Jun-10 | CVE-2010-1880, MS10-033 | CPAI-2010-205 |
| Critical | Multiple Adobe Shockwave Player and Adobe Director Vulnerabilities | 17-May-10 | APSB10-12 | SBP-2010-19 |
| Critical | OpenSSL TLS Connection Record Handling Denial of Service | 17-May-10 | CVE-2010-0740 | CPAI-2010-080 |
| Critical | Apple Safari CSS format Argument Handling Memory Corruption | 14-May-10 | CVE-2010-0046 | CPAI-2010-131 |
| High | SMB Remote Disk Scanning for Executable Files Protection | 26-May-10 | | SBP-2010-20 |
| High | Virus: Win32.Pate.A | 17-May-10 | | CPAI-2010-081 |
| High | Microsoft SharePoint XSS Vulnerability | 05-May-10 | CVE-2010-0817, MS Advisory (983438) | CPAI-2010-074 |
| High | Microsoft Excel ExternSheet Record String Length Stack Overrun | 08-Jun-10 | CVE-2010-1252, MS10-038 | CPAI-2010-202 |
| High | Microsoft Excel OBJ Record Stack Overflow | 08-Jun-10 | CVE-2010-0822, MS10-038 | CPAI-2010-094 |
| High | Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities | 15-Mar-05 | CVE-2009-3467, CVE-2010-1293 | CPAI-2010-079 |
| High | Microsoft Windows Canonical Display Driver Denial of Service | 20-May-10 | CVE-2009-3678, MS Advisory (2028859) | CPAI-2010-083 |
| High | Trojan.Sasfis | 26-May-10 | | CPAI-2010-085 |

Have questions about IPS?
Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its NGX products through SmartDefense subscriptions, and to Check Point Software Blades products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.
©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065