Summary
Digital Vaccine #8996 (September 12, 2017)
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client: from the top line menu, open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 2.5.2 DV will run on TOS v2.5.2 to TOS v3.1.x. The 3.2.0 DV will run on TOS v3.2.0 and above. The 4.0.0 DV only supports the Virtual Threat Protection System (vTPS) platform. Please note that vTPS does not currently support pre-disclosed ZDI filters.
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before September 12, 2017. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE # | TippingPoint Filter # | Status
CVE-2017-0161 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8567 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8597 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8628 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8629 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8630 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8631 | 29599 |
CVE-2017-8632 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8643 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8648 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8649 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8660 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8675 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8676 | *28226 |
CVE-2017-8677 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8678 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8679 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8680 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8681 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8682 | 29569 |
CVE-2017-8683 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8684 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8685 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8686 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8687 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8688 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8692 | *28737 |
CVE-2017-8695 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8696 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8699 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8702 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8704 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8706 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8707 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8708 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8709 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8710 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8711 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8712 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8713 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8714 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8716 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8719 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8720 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8723 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8724 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8725 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8728 | 29574 |
CVE-2017-8729 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8731 | 29577 |
CVE-2017-8733 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8734 | 29579 |
CVE-2017-8735 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8736 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8737 | *28736 |
CVE-2017-8738 | *28981 |
CVE-2017-8739 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8740 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8741 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8742 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8743 | *29153 |
CVE-2017-8744 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8745 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8746 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8747 | 29581 |
CVE-2017-8748 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8749 | 29575 |
CVE-2017-8750 | 29576 |
CVE-2017-8751 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8752 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8753 | 29573 |
CVE-2017-8754 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8755 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8756 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8757 | 29578 |
CVE-2017-8758 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8759 | 29600 |
CVE-2017-9417 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11761 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11764 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11766 | | Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
29448: HTTP: Mitsubishi Electric E-Designer SetupAlarm Font Buffer Overflow Vulnerability (ZDI-17-508)
- IPS Version: 3.2.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Mitsubishi Electric E-Designer.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-9638 CVSS 6.8
- Zero Day Initiative: ZDI-17-508
29452: HTTP: Trend Micro Control Manager cgiShowClientAdm Authentication Request (ZDI-17-244)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an authentication request in Trend Micro Control Manager.
- Deployment: Not enabled by default in any deployment.
- References:
- Zero Day Initiative: ZDI-17-244
29453: HTTP: Microsoft Edge asm.js Constructor Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Bugtraq ID: 100052
- Common Vulnerabilities and Exposures: CVE-2017-8645 CVSS 7.6
29475: HTTP: Microsoft Edge Chakra Information Disclosure Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Bugtraq ID: 100033
- Common Vulnerabilities and Exposures: CVE-2017-8656 CVSS 7.6
29514: PGSQL: PostgreSQL Database Core Server non-libpq Client Policy Bypass Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a policy bypass vulnerability in PostgreSQL Database.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Bugtraq ID: 100278
- Common Vulnerabilities and Exposures: CVE-2017-7546 CVSS 7.5
29525: HTTP: Cacti spikekill.php Cross-Site Scripting Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Cacti.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Bugtraq ID: 100490
- Common Vulnerabilities and Exposures: CVE-2017-12927 CVSS 4.3
29544: ZDI-CAN-5016: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29545: ZDI-CAN-5017: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29546: ZDI-CAN-5018: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29550: HTTP: Schneider Electric U.motion Builder SOAP Request SQL Command Execution (ZDI-17-387)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to execute an SQL command in Schneider Electric U.Motion Builder.
- Deployment: Not enabled by default in any deployment.
- References:
- Zero Day Initiative: ZDI-17-387
29552: ZDI-CAN-5019: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29553: ZDI-CAN-5020,5027,5029: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29555: ZDI-CAN-5021: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29556: ZDI-CAN-5022: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29557: HTTP: Delta Industrial Automation WPLSoft File Parser Usage (ZDI-17-698)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Delta Industrial Automation WPLSoft File Parser.
- Deployment: Not enabled by default in any deployment.
- References:
- Zero Day Initiative: ZDI-17-698
29558: HTTP: Eaton ELCSoft Buffer Overflow Vulnerability (ZDI-17-519)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Eaton ELCSoft.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Zero Day Initiative: ZDI-17-519
29559: ZDI-CAN-5023: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29560: HTTP: Microsoft Windows Graphics Component META_SETDIBTODEV Information Disclosure Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Bugtraq ID: 98298
- Common Vulnerabilities and Exposures: CVE-2017-0190 CVSS 2.1
29561: HTTP: Nuxeo Platform CMS Directory Traversal Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Nuxeo Platform CMS.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Bugtraq ID: 97083
- Common Vulnerabilities and Exposures: CVE-2017-5869 CVSS 6.5
29562: HTTP: Atlassian FishEye and Crucible mostActiveCommitters Access
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects an attempt to access the mostActiveCommitters page in Atlassian FishEye and Atlassian Crucible.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2017-9512 CVSS 5.0
29563: ZDI-CAN-5024: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29564: ZDI-CAN-5025: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29565: ZDI-CAN-5026: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29566: ZDI-CAN-5028: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29569: HTTP: Microsoft Windows win32k Out-of-Bounds Write Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8682
29572: HTTP: Apache Struts 2 XStreamHandler Suspicious XML Command Usage
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects usage of suspicious XML objects.
- Deployment: Not enabled by default in any deployment.
- References:
- Bugtraq ID: 100609
- Common Vulnerabilities and Exposures: CVE-2017-9805
29573: HTTP: Microsoft Scripting Engine Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Script Engine.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8753
29574: HTTP: Microsoft Windows PDF Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows PDF Library.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8728
29575: HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8749
29576: HTTP: Microsoft Internet Explorer and Edge WeakMap Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer and Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8750
29577: HTTP: Microsoft Edge iframe Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8731
29578: HTTP: Microsoft Edge Applet Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8757
29579: HTTP: Microsoft Edge SelectionRange Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8734
29580: HTTP: Apache Struts 2 XStreamHandler Command Injection Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Apache Struts 2.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Bugtraq ID: 100609
- Common Vulnerabilities and Exposures: CVE-2017-9805
29581: HTTP: Microsoft Internet Explorer onload Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8747
29584: ZDI-CAN-5034: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Reader DC.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
29596: HTTP: Apache Struts 2 XStreamHandler ysoserial Payload
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects usage of suspicious XML objects with embedded ysoserial payloads.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Bugtraq ID: 100609
- Common Vulnerabilities and Exposures: CVE-2017-9805
29599: HTTP: Microsoft Office Excel .xlsb Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Office Excel.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8631
29600: HTTP: Microsoft .NET SOAP Command Injection Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Microsoft .NET.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8759
29602: HTTP: Apache Struts 2 XStreamHandler Command Injection Vulnerability
- IPS Version: 3.2.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Apache Struts 2.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Bugtraq ID: 100609
- Common Vulnerabilities and Exposures: CVE-2017-9805
Modified Filters (logic changes):
* = Enabled in Default deployments
24900: HTTP: Mitsubishi Electric E-Designer BECoDeSysARTI Driver Configuration Buffer Overflow (ZDI-17-511)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "24900: ZDI-CAN-3801: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
24901: HTTP: Mitsubishi Electric E-Designer BEMicroLogix Driver Configuration Buffer Overflow (ZDI-17-510)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "24901: ZDI-CAN-3802: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 26894: HTTP: Microsoft Internet Explorer and Edge Column Spanning Type Confusion Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
27216: HTTP: SpiderControl SCADA Webserver iniNet Directory Traversal Vulnerability (ZDI-17-695)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "27216: ZDI-CAN-4174: Zero Day Initiative Vulnerability (SpiderControl SCADA)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
27217: HTTP: SpiderControl SCADA MicroBrowser StaticHTMLTagsFileName Buffer Overflow (ZDI-17-694)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "27217: ZDI-CAN-4194: Zero Day Initiative Vulnerability (SpiderControl SCADA)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
27379: HTTP: Microsoft Edge AsmJs Memory Corruption Vulnerability (ZDI-17-173)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "27379: HTTP: Microsoft Edge AsmJs Memory Corruption Vulnerability".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 27804: HTTP: Trend Micro Control Manager RestfulServiceUtility SQL Injection Vulnerability (ZDI-17-498,499)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "27804: ZDI-CAN-4638-4639: Zero Day Initiative Vulnerability (Trend Micro Control Manager)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 28035: HTTP: Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-577)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 28464: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-615)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28464: HTTP: Adobe Acrobat Pro DC ImageConversion Memory Corruption Vulnerability (ZDI-17-615)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
29046: HTTP: Microsoft Internet Explorer Use Type Confusion Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29046: HTTP: Microsoft Internet Explorer SVG foreignObject Type Confusion Vulnerability".
- Category changed from "Exploits" to "Vulnerabilities".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Deployments updated and are now:
- Deployment: Security-Optimized (Block / Notify)
* 29141: HTTP: HPE Intelligent Management Center Expression Code Injection (ZDI-17-652,ZDI-17-653,ZDI-17-654)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29141: ZDI-CAN-4899-4901: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 29143: HTTP: HPE Intelligent Management Center Expression Code Injection (ZDI-17-655,ZDI-17-656,ZDI-17-657)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29143: ZDI-CAN-4902-4904: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
Modified Filters (metadata changes only):
* = Enabled in Default deployments
24888: HTTP: Mitsubishi Electric E-Designer BECMpi Driver Configuration Buffer Overflow (ZDI-17-516)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "24888: ZDI-CAN-3796: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
- Description updated.
- Vulnerability references updated.
24896: HTTP: Mitsubishi Electric E-Designer BES7IsoTcp Driver Configuration Buffer Overflow (ZDI-17-515)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "24896: ZDI-CAN-3797: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
- Description updated.
- Vulnerability references updated.
24897: HTTP: Mitsubishi Electric E-Designer BEMBSlave Driver Configuration Buffer Overflow (ZDI-17-514)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "24897: ZDI-CAN-3798: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
- Description updated.
- Vulnerability references updated.
24898: HTTP: Mitsubishi Electric E-Designer BEModbus Driver Configuration Buffer Overflow (ZDI-17-513)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "24898: ZDI-CAN-3799: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
- Description updated.
- Vulnerability references updated.
24899: HTTP: Mitsubishi Electric E-Designer BEGalil Driver Configuration Buffer Overflow (ZDI-17-512)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "24899: ZDI-CAN-3800: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
- Description updated.
- Vulnerability references updated.
24912: HTTP: Mitsubishi Electric E-Designer BEComliSlave Status_bit Stack Buffer Overflow (ZDI-17-509)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "24912: ZDI-CAN-3808: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)".
- Description updated.
- Vulnerability references updated.
24927: HTTP: UCanCode E-XD++ Visualization Enterprise Suite UCCVIEWER Usage (ZDI-17-413 - ZDI-17-418)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "24927: ZDI-CAN-3880-3883: Zero Day Initiative Vulnerability(UCanCode E-XD++ Visualization Enterprise Suite)".
- Description updated.
- Vulnerability references updated.
25356: HTTP: UCanCode E-XD++ Visualization Enterprise Suite TKGIS Usage (ZDI-17-428,434,435)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "25356: ZDI-CAN-3897,3970: Zero Day Initiative Vulnerability(UCanCode E-XD++ Visualization Enterprise Suite)".
- Description updated.
- Vulnerability references updated.
* 26825: HTTP: Trend Micro Deep Discovery Email Inspector kdump_setting Denial-of-Service (ZDI-17-503)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "26825: ZDI-CAN-4350: Zero Day Initiative Vulnerability (Trend Micro Deep Discovery Email Inspector)".
- Description updated.
- Vulnerability references updated.
27215: HTTP: Delta Industrial Automation PMSoft Project File Parsing Buffer Overflow (ZDI-17-706)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "27215: ZDI-CAN-4045: Zero Day Initiative Vulnerability (Delta Industrial Automation PMSoft)".
- Description updated.
- Vulnerability references updated.
27232: TCP: HPE Intelligent Management Center dbman Buffer Overflow Vulnerability (ZDI-17-484)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "27232: ZDI-CAN-4368: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
- Description updated.
- Vulnerability references updated.
27240: TCP: HPE Intelligent Management Center dbman Opcode 10005 Command Injection (ZDI-17-481,ZDI-17-483)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "27240: ZDI-CAN-4380,4426: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
- Description updated.
- Vulnerability references updated.
27504: HTTP: Flexense Multiple Product Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "27504: HTTP: Flexsense Multiple Product Buffer Overflow Vulnerability".
- Description updated.
27547: TCP: HPE Intelligent Management Center dbman Opcode 10006 Denial-of-Service (ZDI-17-482)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "27547: ZDI-CAN-4425: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
- Description updated.
- Vulnerability references updated.
* 27744: HTTP: Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-467)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "27744: ZDI-CAN-4482: Zero Day Initiative Vulnerability (Microsoft Windows PDF Library)".
- Description updated.
- Vulnerability references updated.
* 27747: HTTP: Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-468)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "27747: ZDI-CAN-4485: Zero Day Initiative Vulnerability (Microsoft Windows PDF Library)".
- Description updated.
- Vulnerability references updated.
* 28009: HTTP: Trend Micro Control Manager Multiple SQL Injection Vulnerability (ZDI-17-493,494,495,496)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Vulnerability references updated.
* 28031: HTTP: Flexense Multiple Product Import Command Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28031: HTTP: Flexsense Multiple Product Import Command Buffer Overflow Vulnerability".
- Description updated.
- Vulnerability references updated.
28226: HTTP: Microsoft Windows Bitmap Parsing Information Disclosure Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28226: ZDI-CAN-4708: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
* 28227: HTTP: Microsoft Windows OTL Font Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-488)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28227: ZDI-CAN-4713: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Description updated.
- Vulnerability references updated.
* 28228: HTTP: Trend Micro InterScan Messaging Security Proxy Command Injection Vulnerability(ZDI-17-502,504)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28228: ZDI-CAN-4744-4745: Zero Day Initiative Vulnerability (Trend Micro InterScan Messaging Security)".
- Description updated.
- Vulnerability references updated.
* 28323: HTTP: Foxit Reader AFParseDateEx Use-After-Free Vulnerability (ZDI-17-454)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28323: ZDI-CAN-4816: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Vulnerability references updated.
* 28474: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-607)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28474: ZDI-CAN-4766: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
- Description updated.
- Vulnerability references updated.
* 28729: HTTP: Microsoft Chakra eval Integer Overflow Vulnerability (ZDI-17-641)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28729: ZDI-CAN-4826: Zero Day Initiative Vulnerability (Microsoft Chakra)".
- Description updated.
- Vulnerability references updated.
* 28736: HTTP: Microsoft Windows PDF Library JPEG2000 Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed f