Check Point Advisories

Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow (CVE-2010-3552)

Vulnerability
Protection

Check Point Reference:	CPAI-2010-297
Date Published:	18 Oct 2010
Severity:	Critical
Last Updated:	Sunday 25 November, 2012
Source:
Industry Reference:	CVE-2010-3552
Protection Provided by:	Security Gateway R81, R80, R77, R75, R71, R70, R65
Who is Vulnerable?
Vulnerability Description	Java Technology is a programming platform which aims to provide a system for developing and deploying cross-platform applications. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will allow execution of arbitrary commands on the vulnerable system. The vulnerability is contained in the Java plugin handler for Internet Explorer, JP2IEXP.dll. While parsing the parameter docbase, the value is copied into a fixed length buffer on the stack without validation, which can lead to a stack buffer overflow. A remote attacker can exploit this issue by enticing a user to visit a specially crafted web site. Successful exploitation of this vulnerability will allow execution of arbitrary code on the vulnerable system.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70 / R65

In the IPS tab, click Protections and find the Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Web Client Enforcement Violation.
Attack Information: Oracle Java IE browser plugin docbase parameter stack buffer overflow