» Top Protections
Two Remote Code Execution Vulnerabilities Reported in Windows Media Player
Two remote code execution vulnerabilities in Microsoft's Windows Media Player and Windows Media Center have been disclosed; one involves incorrect handling of DVR-MS media files, and the other concerns incorrect path restriction by DirectShow while loading DLLs. A remote attacker may exploit either of these vulnerabilities to take complete control of a vulnerable system. Check Point IPS Software Blade and NGX SmartDefense provide network protection against these vulnerabilities in the latest IPS update by detecting and blocking transferal of malformed DVR-MS files via HTTP, as well as the transferal of suspicious DLL files via CIFS and WebDAV protocols.

Check Point IPS Provides Immediate Network Protection for Multiple Critical Adobe Vulnerabilities
Adobe has announced a number of critical Adobe Flash, Acrobat, and Reader vulnerabilities, all of which could be exploited by a remote attacker to allow execution of potentially malicious code on a targeted system. The Check Point IPS Software Blade provides network protection against these vulnerabilities in the latest IPS update by detecting and blocking attempts to leverage them.

Microsoft Groove 2007 Insecure Library Loading Vulnerability
A DLL preloading vulnerability has been reported in the popular Microsoft Groove 2007 collaboration tool that could be leveraged by a remote attacker to execute arbitrary code on a targeted system. Check Point IPS Software Blade and NGX SmartDefense provide network protection against this vulnerability in the latest IPS update by detecting and blocking the transferal of suspicious DLL files via CIFS and WebDAV protocols.

March 8, 2011
In This Advisory
Top Protections
• Two Remote Code Execution Vulnerabilities Reported in Windows Media Player
• Check Point IPS Provides Immediate Network Protection for Multiple Critical Adobe Vulnerabilities
• Microsoft Groove 2007 Insecure Library Loading Vulnerability
Deployment Tip
• Improve Monitoring and Control with the New Application Control Software Blade
Highlighted Protections
• Including Patch Tuesday

» Deployment Tip
Best Practice: Improve Monitoring and Control with the New Application Control Software Blade
New in the recently launched Check Point R75 release is the Application Control Software Blade, which offers granular control for over 100,000 applications and Web 2.0 social widgets. The new blade enables IT administrators to identify, allow, block or limit usage of thousands of applications by user or group. The blade delivers application visibility by leveraging the Check Point AppWiki, the world's largest application library.

The Check Point IPS and Application Control Software Blades share a common, high-performance signature engine with a minimal memory footprint. It performs a one-pass inspection to detect malware and applications that have been allowed to pass through the Firewall Software Blade. While the IPS Software Blade has application control capabilities that can be used to block instant messaging and peer-to-peer applications that violate company policy, the Application Control Blade provides the industry's strongest application security and identity control, covering applications and social widgets from Facebook, LinkedIn and more. Both blades are updated by Check Point's Update Service, which continues to provide excellent threat protection for Microsoft, Adobe, and other vulnerabilities.
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|
| Critical | Microsoft Windows Media Player DVR-MS Files Code Execution | 08-Mar-11 | MS11-015, CVE-2011-0042 | CPAI-2011-055 |
| Critical | Microsoft Zero-Day Windows SMB mrxsmb.sys Remote Heap Overflow | 16-Feb-2011 | CVE-2011-0654 | CPAI-2011-018 |
| Critical | Adobe Reader and Acrobat JPEG 2000 Embedded in PDF File Memory Corruption | 08-Mar-2011 | APSB11-02, CVE-2011-0602 | CPAI-2011-061 |
| Critical | Adobe Flash Player ActionScript ASnative Function Memory Corruption | 08-Mar-2011 | APSB11-02, CVE-2011-0559 | CPAI-2011-058 |
| Critical | Adobe Reader and Acrobat JPEG 2000 Embedded in PDF File Memory Corruption | 08-Mar-2011 | APSB11-03, CVE-2011-0602 | CPAI-2011-061 |
| Critical | Adobe Reader and Acrobat External Entity Declaration Cross-Site Scripting | 23-Feb-11 | APSB11-03, CVE-2011-0604 | CPAI-2011-0038 |
| Critical | Adobe Reader and Acrobat Crafted ICC Data in PDF File Integer Overflow | 23-Feb-11 | APSB11-03, CVE-2011-0598 | CPAI-2011-036 |
| Critical | Adobe Reader and Acrobat Image Texture Malformed IFF File Memory Corruption | 23-Feb-11 | APSB11-03, CVE-2011-0590 | CPAI-2011-035 |
| Critical | Adobe Reader and Acrobat Invalid Field Flags Values Memory Corruption | 23-Feb-2011 | APSB11-03, CVE-2011-0589 | CPAI-2011-034 |
| Critical | Adobe Reader and Acrobat Crafted URI Action in PDF File Cross-Site Scripting | 23-Feb-2011 | APSB11-03, CVE-2011-0587 | CPAI-2011-033 |
| Critical | HP OpenView Performance Insight Server Backdoor Account Code Execution | 01-Mar-11 | CVE-2011-0276 | CPAI-2011-040 |
| Critical | Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow | 01-Mar-11 | CVE-2010-4299 | CPAI-2011-044 |
| Critical | Symantec Alert Management System AMSSendAlertAck Stack Buffer Overflow | 23-Feb-2011 | CVE-2010-0110 | CPAI-2011-024 |
| High | Microsoft Media Player ehtrace.dll Insecure Library Loading | 08-Mar-2011 | MS11-015, CVE-2011-0032 | CPAI-2011-054 |
| High | Microsoft Groove 2007 mso.dll Insecure Library Loading | 08-Mar-2011 | MS11-016, CVE-2010-3146 | CPAI-2011-051 |
| High | Microsoft Remote Desktop Client Insecure Library Loading | 08-Mar-2011 | MS11-017, CVE-2011-0029 | CPAI-2011-052 |


Have questions about IPS?
Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.
» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its NGX products through SmartDefense subscriptions, and to Check Point Software Blades products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point's global Research and Response Centers. For more information, visit www.CheckPoint.com.

©2003-2011 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065