Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 have a stack based buffer overflow vulnerability. A remote attacker could execute arbitrary code on the system via an ISAKMP packet with a large Certificate Request.
Check Point SecuRemote/SecureClient 4.1 Bld 4200 & prior
Check Point VPN-1 Server 4.1 SP5a & prior
Check Point VPN-1 Server NG FP0
Check Point VPN-1 Server NG FP1
Currently we are not aware of any official supplied fix for this issue.