» Top Protections
Zero-Day Internet Explorer Table Handling Memory Corruption Vulnerability
( Microsoft Security Advisory 2458511, CVE-2010-3962 )

Summary: A memory corruption vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands.
Protection: Check Point IPS Software Blade and NGX SmartDefense provide network protection in the latest IPS update by detecting and blocking attempts to exploit this issue.

Check Point IPS Research Team Discovers Four Adobe Shockwave Player Vulnerabilities
( APSB10-25, CVE-2010-4086, CVE-2010-4087, CVE-2010-4088, CVE-2010-4089 )

Summary: Adobe has released a security advisory that details several critical vulnerabilities in Shockwave Player, four of which were discovered by the Check Point IPS Research Team. A remote attacker can exploit these issues via specially crafted DIR files and potentially take complete control of an affected system.
Protection: Check Point R70/71 IPS Software Blade provides immediate protection of unpatched systems by detecting malformed Adobe DIR files and blocking their transfer over HTTP.

Remote Code Exploit Leverages Legacy PowerPoint Files
( MS10-088, CVE-2010-2572 )

Summary: A remote code execution vulnerability has been identified in Microsoft PowerPoint. An attacker could exploit this issue by convincing a user to open a malformed PowerPoint file. Successful exploitation of this vulnerability may allow execution of arbitrary code on the targeted system.
Protection: Check Point IPS Software Blade and NGX SmartDefense provide network protection in the latest IPS update by detecting and blocking the transferal of legacy PowerPoint files over HTTP.

November 9, 2010

» Deployment Tip
Best Practice: Use Timeline View to Assess and Respond
SmartEvent provides several real-time views to help you quickly understand and act on security events. In the Timeline View, events are consolidated and displayed by event count, severity, and frequency over the event period. The frequency of events is displayed in "time wheels" along each timeline.


Each time wheel shows the severity of events by color, and the number of events by the thickness of the wheel.
Timelines are queries that present important recent events such as IPS and DLP. Each timeline displays up to one million events for a particular query over the specified Time Frame. Colors in each time wheel represent the severity of the events.
The Timeline View allows you to:
  • Modify the predefined queries or add new ones of your own
  • Choose a Time Frame for which events are displayed in the Timeline View
  • Modify the Time Resolution of the Time Wheels to show the frequency of the events
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|
| Critical | Adobe Flash Player Flash Content Parsing Code Execution | 01-Nov-10 | APSA10-05, APSB10-26, CVE-2010-3654 | CPAI-2010-304 |
| Critical | Adobe Shockwave Director rcsL Chunk Remote Code Execution | 27-Oct-10 | APSB10-04, CVE-2010-3653 | CPAI-2010-299 |
| Critical | Adobe Reader and Acrobat Image Parsing Input Validation Code Execution | 21-Oct-10 | APSB10-21, CVE-2010-3620 | CPAI-2010-296 |
| High | Microsoft Internet Explorer Table Handling Memory Corruption Vulnerability | 07-Nov-10 | Microsoft Security Advisory (2458511), CVE-2010-3962 | CPAI-2010-310 |
| High | Blocking Legacy PowerPoint Files | 09-Nov-10 | MS10-088, CVE-2010-2572 | SBP-2010-30 |
| High | Microsoft PowerPoint DLL Planting Code Execution | 09-Nov-10 | MS10-087, CVE-2010-3337 | CPAI-2010-311 |
| High | Microsoft Office RTF Stack Buffer Overflow | 09-Nov-10 | MS10-087, CVE-2010-3333 | CPAI-2010-309 |
| High | Microsoft Office Excel Drawing Exception Handling Code Execution | 09-Nov-10 | MS10-087, CVE-2010-3335 | CPAI-2010-307 |
| High | Microsoft Office PowerPoint Integer Underflow Heap Corruption | 09-Nov-10 | MS10-088, CVE-2010-2573 | CPAI-2010-305 |
| High | Microsoft Internet Explorer Table Handling Memory Corruption | 09-Nov-10 | 2458511, CVE-2010-3962 | CPAI-2010-310 |
| High | Adobe Shockwave Player Duplicate LSCM Records Memory Corruption | 28-Oct-10 | APSB10-25, CVE-2010-4089 | CPAI-2010-303 |
| High | Adobe Shockwave Player Duplicate Keys Memory Corruption | 28-Oct-10 | APSB10-25, CVE-2010-4088 | CPAI-2010-302 |
| High | Adobe Shockwave Player CSWV Record Length Memory Corruption | 28-Oct-10 | APSB10-25, CVE-2010-4087 | CPAI-2010-301 |
| High | Adobe Shockwave Player MMAP Entry Size Memory Corruption | 28-Oct-10 | APSB10-25, CVE-2010-4086 | CPAI-2010-300 |
| High | Adobe Reader ACE.dll ICC Stream mluc Structure Integer Overflow | 27-Oct-10 | APSB10-21, CVE-2010-3622 | CPAI-2010-298 |
| High | Oracle Java Internet Explorer Browser Stack Buffer Overflow | 21-Oct-10 | CVE-2010-3552 | CPAI-2010-297 |


Have questions about IPS?
Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.
» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its NGX products through SmartDefense subscriptions, and to Check Point Software Blades products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point's global Research and Response Centers. For more information, visit www.CheckPoint.com.