New SmartDefense Updates

Email lists > CheckPoint SmartDefense Info

Thread: New SmartDefense Updates

Search this list only Search all lists
New SmartDefense Updates
Israel	2008-03-26 09:53:49
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Greetings, New SmartDefense Updates have been released today, March 26, 2008 for users of VPN-1 NGX R65, R62, R61, R60, and users of InterSpect NGX. Microsoft Office Web Components Code Execution Protection (MS08-017) Overview: A remote code execution vulnerability has been reported in Microsoft Office Web Components. Microsoft Office Web Components are a collection of Component Object Model (COM) controls for publishing spreadsheets, charts, and databases to the Web, and for viewing the published components on the Web. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted Web page. Successful exploitation could result in execution of arbitrary code on the affected system. By enabling this protection, SmartDefense will detect and block attempts to exploit this vulnerability. For more information, refer to CPAI-2008-035 at http://www.checkpoint.com/defense/advis ories/public/2008/cpai-06-Mar.html Microsoft Outlook Crafted URI Code Execution Protection (MS08-015) Overview: A remote code execution vulnerability has been reported in Microsoft Office Outlook. Microsoft Office Outlook is a personal information manager that provides an e-mail application, a calendar and task and contact management. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted Web site. Successful exploitation could result in execution of arbitrary code on the affected system. By enabling this protection, SmartDefense will detect and block any attempt to exploit this vulnerability. For more information, refer to CPAI-2008-036 at http://www.checkpoint.com/defense/advi sories/public/2008/cpai-06-Mara.html Microsoft Excel Data Validation Record Protection (MS08-014) Overview: A remote code execution vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. By enabling this protection, SmartDefense will detect and block the transferring of malformed Excel files over HTTP. For more information, refer to CPAI-2008-037 at http://www.checkpoint.com/defense/advi sories/public/2008/cpai-06-Marb.html Microsoft Office Cell Parsing Memory Corruption Protection (MS08-016) Overview: A memory corruption vulnerability has been identified in Microsoft Office. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. By enabling this protection, SmartDefense will detect and block the transferring of malformed Excel files over HTTP. For more information, refer to CPAI-2008-038 at http://www.checkpoint.com/defense/advi sories/public/2008/cpai-06-Marc.html Microsoft Office PowerPoint Memory Corruption Protection (MS08-016) Overview: A remote code execution vulnerability has been reported in Microsoft Office. A remote attacker could exploit this issue via a malformed PowerPoint file. Microsoft PowerPoint is a popular presentation program. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. By enabling this protection, SmartDefense will detect and block the transferring of malformed PowerPoint files over HTTP. For more information, refer to CPAI-2008-039 at http://www.checkpoint.com/defense/advi sories/public/2008/cpai-06-Mard.html Microsoft Excel Conditional Formatting Protection (MS08-014) Overview: A remote code execution vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. By enabling this protection, SmartDefense will detect and block the transferring of malformed Excel files over HTTP. For more information, refer to CPAI-2008-041 at http://www.checkpoint.com/defense/advis ories/public/2008/cpai-09-Mar.html Microsoft Excel Formula Parsing Protection (MS08-014) Overview: A remote code execution vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. By enabling this protection, SmartDefense will detect and block the transferring of malformed Excel files over HTTP. For more information, refer to CPAI-2008-042 at http://www.checkpoint.com/defense/advi sories/public/2008/cpai-09-Mara.html Microsoft Excel Rich Text Validation Protection (MS08-014) Overview: A remote code execution vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. By enabling this protection, SmartDefense will detect and block the transferring of malformed Excel files over HTTP. For more information, refer to CPAI-2008-043 at http://www.checkpoint.com/defense/advis ories/public/2008/cpai-10-Mar.html Microsoft Excel Style Record Protection (MS08-014) Overview: A remote code execution vulnerability has been identified in the way Microsoft Excel handles Style record data. Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. By enabling this protection, SmartDefense will detect and block the transferring of malformed Excel files over HTTP. For more information, refer to CPAI-2008-044 at http://www.checkpoint.com/defense/advi sories/public/2008/cpai-10-Mara.html Workaround for Multiple Microsoft Symbolic Link Files Vulnerabilities (MS08-014) Overview: A remote code execution vulnerability was reported in the way Microsoft Excel imports Symbolic Link (SYLK) files into Excel. Symbolic Link (SYLK) is a Microsoft file format typically used for exchanging data between applications, particularly spreadsheets. SYLK files conventionally have a .slk suffix. Successful exploitation of this vulnerability may allow a remote attacker to take complete control of an affected system. By enabling this protection, SmartDefense will detect and block the transferring of SYLK files over HTTP. For more information, refer to SBP-2008-04 at http://www.checkpoint.com/defense/adviso ries/public/2008/sbp-06-Mar.html Protections against Recent Malware Threats (26-Mar-08) Overview: Malware is a software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like Viruses, worms, Adware, Trojans, and spyware that exploit unprotected clients, using network access to intrude upon organizations, destroying or stealing data. The update enables the Header Rejection protection to detect and block the malware based on pre-defined header names. For more information, refer to CPAI-2008-045 at http://www.checkpoint.com/defense/advis ories/public/2008/cpai-23-Mar.html Links to the recent SmartDefense Advisories are available at: http://www.checkpoint.com/defense/advisories/pub lic/summary.html Read more about SmartDefense Service at: http://www.checkpoint.com/defense/advisories/pu blic/overview.html To sign-up to the mailing list, send an email to listservamadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body. To unsubscribe from this list, send an email to listservamadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" In the email body. As always, please feel free to contact us directly if you have any comments or questions (sda-infoCheckPoint.com). -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wsBVAwUBR+pjeqy7i8j/RTzHAQj+LAf8DEANjOLpVdRd9suDSEExeE43bq+C Z+P4 d9MaGzvu5ZYIRo0ra8tJ6UNs86UCarn5NWGXFCPeNc6KgPQ/W4io6y6K86QF ywec Yedh4Q7i10ng+mWIQDF8GZtlZD4DIgDIkM+bBy/oYZ/XJtk8ycBUD6zbJTKr 0ZwD 9aQrXv371m4RpzY3LL78HRSpAHpbWJOJUKVvI6mgAa87mkkaZmkpgWvNOda/ 7fXp ZHjiwgZMn9RG+IHmDMt4RkY2rbUEWLwvgsu5tXUzy/hzLv3zcVy6Sq0epM3K p/5r Sr6SqS52id56A2urtO7gO/JQlaZshWnjFjDCDd5z6UlFelg+18nKdQ== =pAWY -----END PGP SIGNATURE-----

[1]

about | contact Other archives ( Real Estate discussion Medical topics )

Mailing lists