Check Point Advisories

Adobe Download Manager getPlus ActiveX Control Buffer Overflow (APSB10-02; CVE-2009-3958)

Vulnerability
Protection

Check Point Reference:	CPAI-2010-009
Date Published:	17 May 2010
Severity:	High
Last Updated:	Sunday 15 December, 2013
Source:
Industry Reference:	CVE-2009-3958
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	Adobe Download Manager (DLM) is a small application that is used to deliver Adobe products over the Internet. It contains licensed technology from NOS Microsystems called "getPlus" to support the transfer of information between Adobe.com and a connected user. A stack buffer overflow vulnerability exists in Adobe Download Manager that can allow arbitrary code execution. A remote attacker can exploit this vulnerability by enticing affected users to open a malicious web page in a vulnerable version of the product. Successful exploitation of this issue will create a denial of service condition, causing the application to become non-responsive, and may allow execution of arbitrary code on a vulnerable system.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the Adobe Download Manager getPlus ActiveX Control Buffer Overflow (APSB10-02) protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Web Client Enforcement Violation.
Attack Information: Adobe Download Manager getPlus ActiveX Control Buffer Overflow (APSB10-02)