Digital Vaccine #8996

    • Updated: 13 Sep 2017
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #8996      (September 12, 2017)
Details
Public
 
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 2.5.2 DV will run on TOS v2.5.2 to TOS v3.1.x.
The 3.2.0 DV will run on TOS v3.2.0 and above.
The 4.0.0 DV only supports the Virtual Threat Protection System (vTPS) platform.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before September 12, 2017. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE #           TippingPoint Filter #  Status
CVE-2017-0161                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8567                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8597                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8628                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8629                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8630                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8631   29599
CVE-2017-8632                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8643                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8648                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8649                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8660                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8675                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8676   *28226
CVE-2017-8677                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8678                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8679                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8680                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8681                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8682   29569
CVE-2017-8683                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8684                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8685                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8686                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8687                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8688                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8692   *28737
CVE-2017-8695                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8696                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8699                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8702                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8704                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8706                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8707                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8708                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8709                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8710                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8711                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8712                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8713                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8714                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8716                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8719                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8720                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8723                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8724                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8725                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8728   29574
CVE-2017-8729                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8731   29577
CVE-2017-8733                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8734   29579
CVE-2017-8735                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8736                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8737   *28736
CVE-2017-8738   *28981
CVE-2017-8739                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8740                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8741                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8742                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8743   *29153
CVE-2017-8744                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8745                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8746                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8747   29581
CVE-2017-8748                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8749   29575
CVE-2017-8750   29576
CVE-2017-8751                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8752                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8753   29573
CVE-2017-8754                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8755                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8756                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8757   29578
CVE-2017-8758                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8759   29600
CVE-2017-9417                          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11761                         Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11764                         Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11766                         Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_2.5.2_8996.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_8996.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_8996.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
 New Filters:


    29448: HTTP: Mitsubishi Electric E-Designer SetupAlarm Font Buffer Overflow Vulnerability (ZDI-17-508)
      - IPS Version: 3.2.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Mitsubishi Electric E-Designer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-9638 CVSS 6.8
        - Zero Day Initiative: ZDI-17-508

    29452: HTTP: Trend Micro Control Manager cgiShowClientAdm Authentication Request (ZDI-17-244)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an authentication request in Trend Micro Control Manager.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-17-244

    29453: HTTP: Microsoft Edge asm.js Constructor Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 100052
        - Common Vulnerabilities and Exposures: CVE-2017-8645 CVSS 7.6

    29475: HTTP: Microsoft Edge Chakra Information Disclosure Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 100033
        - Common Vulnerabilities and Exposures: CVE-2017-8656 CVSS 7.6

    29514: PGSQL: PostgreSQL Database Core Server non-libpq Client Policy Bypass Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a policy bypass vulnerability in PostgreSQL Database.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 100278
        - Common Vulnerabilities and Exposures: CVE-2017-7546 CVSS 7.5

    29525: HTTP: Cacti spikekill.php Cross-Site Scripting Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Cacti.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 100490
        - Common Vulnerabilities and Exposures: CVE-2017-12927 CVSS 4.3

    29544: ZDI-CAN-5016: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29545: ZDI-CAN-5017: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29546: ZDI-CAN-5018: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29550: HTTP: Schneider Electric U.motion Builder SOAP Request SQL Command Execution (ZDI-17-387)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to execute a SQL command in Schneider Electric U.Motion Builder.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-17-387

    29552: ZDI-CAN-5019: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29553: ZDI-CAN-5020,5027,5029: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29555: ZDI-CAN-5021: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29556: ZDI-CAN-5022: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29557: HTTP: Delta Industrial Automation WPLSoft File Parser Usage (ZDI-17-698)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Delta Industrial Automation WPLSoft File Parser.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-17-698

    29558: HTTP: Eaton ELCSoft Buffer Overflow Vulnerability (ZDI-17-519)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Eaton ELCSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Zero Day Initiative: ZDI-17-519

    29559: ZDI-CAN-5023: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29560: HTTP: Microsoft Windows Graphics Component META_SETDIBTODEV Information Disclosure Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 98298
        - Common Vulnerabilities and Exposures: CVE-2017-0190 CVSS 2.1

    29561: HTTP: Nuxeo Platform CMS Directory Traversal Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Nuxeo Platform CMS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 97083
        - Common Vulnerabilities and Exposures: CVE-2017-5869 CVSS 6.5

    29562: HTTP: Atlassian FishEye and Crucible mostActiveCommitters Access
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to access the mostActiveCommitters page in Atlassian FishEye and Atlassian Crucible.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-9512 CVSS 5.0

    29563: ZDI-CAN-5024: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29564: ZDI-CAN-5025: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29565: ZDI-CAN-5026: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29566: ZDI-CAN-5028: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29569: HTTP: Microsoft Windows win32k Out-of-Bounds Write Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8682

    29572: HTTP: Apache Struts 2 XStreamHandler Suspicious XML Command Usage
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects usage of suspicious XML objects.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 100609
        - Common Vulnerabilities and Exposures: CVE-2017-9805

    29573: HTTP: Microsoft Scripting Engine Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Script Engine.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8753

    29574: HTTP: Microsoft Windows PDF Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows PDF Library.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8728

    29575: HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8749

    29576: HTTP: Microsoft Internet Explorer and Edge WeakMap Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer and Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8750

    29577: HTTP: Microsoft Edge iframe Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8731

    29578: HTTP: Microsoft Edge Applet Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8757

    29579: HTTP: Microsoft Edge SelectionRange Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8734

    29580: HTTP: Apache Struts 2 XStreamHandler Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Apache Struts 2.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 100609
        - Common Vulnerabilities and Exposures: CVE-2017-9805

    29581: HTTP: Microsoft Internet Explorer onload Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8747

    29584: ZDI-CAN-5034: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Reader DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    29596: HTTP: Apache Struts 2 XStreamHandler ysoserial Payload
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects usage of suspicious XML objects with embedded ysoserial payloads.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 100609
        - Common Vulnerabilities and Exposures: CVE-2017-9805

    29599: HTTP: Microsoft Office Excel .xlsb Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Office Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8631

    29600: HTTP: Microsoft .NET SOAP Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Microsoft .NET.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8759

    29602: HTTP: Apache Struts 2 XStreamHandler Command Injection Vulnerability
      - IPS Version: 3.2.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Apache Struts 2.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 100609
        - Common Vulnerabilities and Exposures: CVE-2017-9805

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    24900: HTTP: Mitsubishi Electric E-Designer BECoDeSysARTI Driver Configuration Buffer Overflow (ZDI-17-511)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "24900: ZDI-CAN-3801: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    24901: HTTP: Mitsubishi Electric E-Designer BEMicroLogix Driver Configuration Buffer Overflow (ZDI-17-510)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "24901: ZDI-CAN-3802: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 26894: HTTP: Microsoft Internet Explorer and Edge Column Spanning Type Confusion Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    27216: HTTP: SpiderControl SCADA Webserver iniNet Directory Traversal Vulnerability (ZDI-17-695)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27216: ZDI-CAN-4174: Zero Day Initiative Vulnerability (SpiderControl SCADA)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    27217: HTTP: SpiderControl SCADA MicroBrowser StaticHTMLTagsFileName Buffer Overflow (ZDI-17-694)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27217: ZDI-CAN-4194: Zero Day Initiative Vulnerability (SpiderControl SCADA)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    27379: HTTP: Microsoft Edge AsmJs Memory Corruption Vulnerability (ZDI-17-173)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27379: HTTP: Microsoft Edge AsmJs Memory Corruption Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 27804: HTTP: Trend Micro Control Manager RestfulServiceUtility SQL Injection Vulnerability (ZDI-17-498,499)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27804: ZDI-CAN-4638-4639: Zero Day Initiative Vulnerability (Trend Micro Control Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 28035: HTTP: Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-577)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 28464: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-615)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28464: HTTP: Adobe Acrobat Pro DC ImageConversion Memory Corruption Vulnerability (ZDI-17-615)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    29046: HTTP: Microsoft Internet Explorer Use Type Confusion Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29046: HTTP: Microsoft Internet Explorer SVG foreignObject Type Confusion Vulnerability".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Deployments updated and are now:
        - Deployment: Security-Optimized (Block / Notify)

    * 29141: HTTP: HPE Intelligent Management Center Expression Code Injection (ZDI-17-652,ZDI-17-653,ZDI-17-654)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29141: ZDI-CAN-4899-4901: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 29143: HTTP: HPE Intelligent Management Center Expression Code Injection (ZDI-17-655,ZDI-17-656,ZDI-17-657)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29143: ZDI-CAN-4902-4904: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    24888: HTTP: Mitsubishi Electric E-Designer BECMpi Driver Configuration Buffer Overflow (ZDI-17-516)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "24888: ZDI-CAN-3796: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
      - Description updated.
      - Vulnerability references updated.

    24896: HTTP: Mitsubishi Electric E-Designer BES7IsoTcp Driver Configuration Buffer Overflow (ZDI-17-515)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "24896: ZDI-CAN-3797: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
      - Description updated.
      - Vulnerability references updated.

    24897: HTTP: Mitsubishi Electric E-Designer BEMBSlave Driver Configuration Buffer Overflow (ZDI-17-514)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "24897: ZDI-CAN-3798: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
      - Description updated.
      - Vulnerability references updated.

    24898: HTTP: Mitsubishi Electric E-Designer BEModbus Driver Configuration Buffer Overflow (ZDI-17-513)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "24898: ZDI-CAN-3799: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
      - Description updated.
      - Vulnerability references updated.

    24899: HTTP: Mitsubishi Electric E-Designer BEGalil Driver Configuration Buffer Overflow (ZDI-17-512)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "24899: ZDI-CAN-3800: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
      - Description updated.
      - Vulnerability references updated.

    24912: HTTP: Mitsubishi Electric E-Designer BEComliSlave Status_bit Stack Buffer Overflow (ZDI-17-509)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "24912: ZDI-CAN-3808: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
      - Description updated.
      - Vulnerability references updated.

    24927: HTTP: UCanCode E-XD++ Visualization Enterprise Suite UCCVIEWER Usage (ZDI-17-413 - ZDI-17-418)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "24927: ZDI-CAN-3880-3883: Zero Day Initiative Vulnerability(UCanCode E-XD++ Visualization Enterprise Suite)".
      - Description updated.
      - Vulnerability references updated.

    25356: HTTP: UCanCode E-XD++ Visualization Enterprise Suite TKGIS Usage (ZDI-17-428,434,435)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "25356: ZDI-CAN-3897,3970: Zero Day Initiative Vulnerability(UCanCode E-XD++ Visualization Enterprise Suite)".
      - Description updated.
      - Vulnerability references updated.

    * 26825: HTTP: Trend Micro Deep Discovery Email Inspector kdump_setting Denial-of-Service (ZDI-17-503)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "26825: ZDI-CAN-4350: Zero Day Initiative Vulnerability (Trend Micro Deep Discovery Email Inspector)".
      - Description updated.
      - Vulnerability references updated.

    27215: HTTP: Delta Industrial Automation PMSoft Project File Parsing Buffer Overflow (ZDI-17-706)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27215: ZDI-CAN-4045: Zero Day Initiative Vulnerability (Delta Industrial Automation PMSoft)".
      - Description updated.
      - Vulnerability references updated.

    27232: TCP: HPE Intelligent Management Center dbman Buffer Overflow Vulnerability (ZDI-17-484)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27232: ZDI-CAN-4368: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    27240: TCP: HPE Intelligent Management Center dbman Opcode 10005 Command Injection (ZDI-17-481,ZDI-17-483)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27240: ZDI-CAN-4380,4426: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Vulnerability references updated.

    27504: HTTP: Flexense Multiple Product Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27504: HTTP: Flexsense Multiple Product Buffer Overflow Vulnerability".
      - Description updated.

    27547: TCP: HPE Intelligent Management Center dbman Opcode 10006 Denial-of-Service (ZDI-17-482)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27547: ZDI-CAN-4425: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    * 27744: HTTP: Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-467)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27744: ZDI-CAN-4482: Zero Day Initiative Vulnerability (Microsoft Windows PDF Library)".
      - Description updated.
      - Vulnerability references updated.

    * 27747: HTTP: Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-468)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27747: ZDI-CAN-4485: Zero Day Initiative Vulnerability (Microsoft Windows PDF Library)".
      - Description updated.
      - Vulnerability references updated.

    * 28009: HTTP: Trend Micro Control Manager Multiple SQL Injection Vulnerability (ZDI-17-493,494,495,496)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    * 28031: HTTP: Flexense Multiple Product Import Command Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28031: HTTP: Flexsense Multiple Product Import Command Buffer Overflow Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    28226: HTTP: Microsoft Windows Bitmap Parsing Information Disclosure Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28226: ZDI-CAN-4708: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.

    * 28227: HTTP: Microsoft Windows OTL Font Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-488)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28227: ZDI-CAN-4713: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Vulnerability references updated.

    * 28228: HTTP: Trend Micro InterScan Messaging Security Proxy Command Injection Vulnerability(ZDI-17-502,504)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28228: ZDI-CAN-4744-4745: Zero Day Initiative Vulnerability (Trend Micro InterScan Messaging Security)".
      - Description updated.
      - Vulnerability references updated.

    * 28323: HTTP: Foxit Reader AFParseDateEx Use-After-Free Vulnerability (ZDI-17-454)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28323: ZDI-CAN-4816: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    * 28474: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-607)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28474: ZDI-CAN-4766: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Vulnerability references updated.

    * 28729: HTTP: Microsoft Chakra eval Integer Overflow Vulnerability (ZDI-17-641)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28729: ZDI-CAN-4826: Zero Day Initiative Vulnerability (Microsoft Chakra)".
      - Description updated.
      - Vulnerability references updated.

    * 28736: HTTP: Microsoft Windows PDF Library JPEG2000 Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28736: ZDI-CAN-4844: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Vulnerability references updated.

    * 28737: HTTP: Microsoft Office Word Bidirectional Text Information Disclosure Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28737: ZDI-CAN-4845: Zero Day Initiative Vulnerability (Microsoft Office Word)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Vulnerability references updated.

    * 28746: HTTP: Foxit Reader setItem Use-After-Free Vulnerability (ZDI-17-459)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28746: ZDI-CAN-4721: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    28747: HTTP: Foxit Reader print Use-After-Free Vulnerability (ZDI-17-460)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28747: ZDI-CAN-4722: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    28748: HTTP: Foxit Reader execMenuItem Use-After-Free Vulnerability (ZDI-17-461)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28748: ZDI-CAN-4723: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    28749: HTTP: Foxit Reader App alert Use-After-Free Vulnerability (ZDI-17-458)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28749: ZDI-CAN-4855: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    * 28816: HTTP: Lepide LepideAuditor Suite Malicious Server Command Injection Vulnerability (ZDI-17-440)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28816: ZDI-CAN-3833: Zero Day Initiative Vulnerability (Lepide LepideAuditor Suite)".
      - Description updated.
      - Vulnerability references updated.

    28897: HTTP: Microsoft Internet Explorer SVG Layout Uninitialized Memory Vulnerability (ZDI-17-640)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28897: ZDI-CAN-4777: Zero Day Initiative Vulnerability (Microsoft Edge)".
      - Description updated.
      - Vulnerability references updated.

    28898: HTTP: HPE IMC operationSelect Code Injection Vulnerability (ZDI-17-682)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28898: ZDI-CAN-4869: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    28906: HTTP: HPE IMC faultEventSelectFactWithRecover Code Injection Vulnerability (ZDI-17-683)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28906: ZDI-CAN-4870: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    28907: HTTP: HPE IMC perfAddorModDeviceMonitor Code Injection Vulnerability (ZDI-17-684)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28907: ZDI-CAN-4871: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    28908: HTTP: HPE IMC userSelectPagingContent Code Injection Vulnerability (ZDI-17-685)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28908: ZDI-CAN-4872: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    28909: HTTP: HPE IMC quickTemplateSelect Code Injection Vulnerability (ZDI-17-686)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28909: ZDI-CAN-4873: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    28910: HTTP: HPE IMC iccSelectDeviceSeries Code Injection Vulnerability (ZDI-17-676)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28910: ZDI-CAN-4874: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    28911: HTTP: HPE IMC guiDataDetail Code Injection Vulnerability (ZDI-17-687)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28911: ZDI-CAN-4875: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    28912: HTTP: HPE IMC operatorGroupTreeSelectContent Code Injection Vulnerability (ZDI-17-672)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28912: ZDI-CAN-4876: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    28913: HTTP: HPE IMC smsRulesDownload Code Injection Vulnerability (ZDI-17-673)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28913: ZDI-CAN-4877: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    28914: HTTP: HPE ICM operatorGroupSelectContent Code Injection Vulnerability (ZDI-17-688)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28914: ZDI-CAN-4878: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    28915: HTTP: HPE IMC wmiConfigContent Code Injection Vulnerability (ZDI-17-690)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28915: ZDI-CAN-4880: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    * 28981: HTTP: Microsoft Edge Scripting Engine Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28981: ZDI-CAN-4910: Zero Day Initiative Vulnerability (Microsoft Chakra)".
      - Description updated.
      - Vulnerability references updated.
      - Deployments updated and are now:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

    28982: HTTP: Microsoft Edge DOMAttrModified Type Confusion Vulnerability (ZDI-17-696)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28982: ZDI-CAN-4884: Zero Day Initiative Vulnerability (Microsoft Edge)".
      - Description updated.
      - Vulnerability references updated.

    * 29068: HTTP: Apache Struts 2 Struts 1 Plugin Remote Code Execution Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    * 29153: HTTP: Microsoft Office Powerpoint Use-After-Free Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29153: ZDI-CAN-4968: Zero Day Initiative Vulnerability (Microsoft Office)".
      - Description updated.
      - Vulnerability references updated.

  Removed Filters:     None
  
   
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000089666