Digital Vaccine #9000

Updated: 19 Sep 2017
Product/Version: TippingPoint Digital Vaccine

Summary
Digital Vaccine #9000      September 19, 2017

Details

Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 2.5.2 DV will run on IPS devices with TOS v2.5.2 to TOS v3.1.x.
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems.
The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Adobe Security Bulletins
This DV includes coverage for the Adobe vulnerabilities released on or before September 12, 2017.
The following table maps TippingPoint filters to the Adobe CVEs.
Bulletin #    CVE #            TippingPoint Filter #    Status
APSB17-28     CVE-2017-11281   29632
APSB17-28     CVE-2017-11282   29603
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_2.5.2_9000.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9000.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9000.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
 New Filters:


    28904: IMAP: IBM Domino IMAP Mailbox Name Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in IBM Domino.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 97910, 98019
        - Common Vulnerabilities and Exposures: CVE-2017-1274 CVSS 6.5

    29547: DHCP: FreeRADIUS fr_dhcp_attr2vp Integer Underflow Out-of-Bounds Read Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in FreeRADIUS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 99971
        - Common Vulnerabilities and Exposures: CVE-2017-10986 CVSS 5.0

    29548: RADIUS: FreeRADIUS rad_coalesce Out-of-Bounds Read Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in FreeRADIUS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 99901
        - Common Vulnerabilities and Exposures: CVE-2017-10979 CVSS 7.5

    29549: RADIUS: FreeRADIUS data2vp_wimax Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in FreeRADIUS.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 99876
        - Common Vulnerabilities and Exposures: CVE-2017-10984 CVSS 7.5

    29551: HTTP: E-XD++ Visualization Suite UCCVIEWER Vulnerable ActiveX Instantiation (ZDI-17-420)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to instantiate a vulnerable ActiveX control in E-XD++ Visualization Enterprise Suite.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-17-420

    29554: HTTP: E-XD++ Visualization Enterprise Suite UCCDRAW Vulnerable ActiveX Instantiation (ZDI-17-421)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to instantiate a vulnerable ActiveX control in E-XD++ Visualization Enterprise Suite.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-17-421

    29567: ZDI-CAN-5030: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29568: SMTP: Microsoft Outlook Protected View Security Bypass Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a security bypass vulnerability in Microsoft Outlook.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 97458
        - Common Vulnerabilities and Exposures: CVE-2017-0204 CVSS 4.3

    29586: HTTP: Nginx ngx_http_range_filter_module Integer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow in the Nginx web server.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 99534
        - Common Vulnerabilities and Exposures: CVE-2017-7529 CVSS 5.0

    29588: HTTP: Microsoft Windows System Information Console XXE Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an XML external entity (XXE) injection vulnerability in the System Information Console component of Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 99387, 99398
        - Common Vulnerabilities and Exposures: CVE-2017-8557 CVSS 2.1

    29589: TCP: HPE Intelligent Management Center imcwlandm Buffer Overflow Vulnerability (ZDI-17-315)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Hewlett Packard Enterprise Intelligent Management Center.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 98088
        - Common Vulnerabilities and Exposures: CVE-2017-5804 CVSS 10.0
        - Zero Day Initiative: ZDI-17-315

    29598: HTTP: Nitro Pro PDF Command Execution Vulnerability
      - IPS Version: 3.2.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command execution vulnerability in Nitro Pro PDF.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 100298
        - Common Vulnerabilities and Exposures: CVE-2017-7442 CVSS 6.8

    29603: HTTP: Adobe Flash text Object Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Flash Player.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-11282

    29629: SMB: Microsoft Windows SMB Server SMBv1 Out-of-Bounds Read Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Windows SMB Server.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 98259
        - Common Vulnerabilities and Exposures: CVE-2017-0267 CVSS 4.3

    29630: SSL: GnuTLS status_request Extension Null Pointer Dereference Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects attempts to exploit a null pointer dereference vulnerability in GnuTLS.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 99102
        - Common Vulnerabilities and Exposures: CVE-2017-7507 CVSS 5.0

    29632: HTTP: Adobe Flash MP4 Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Flash.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-11281

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    5561: Tunneling: Iodine DNS Tunneling Request
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    25357: HTTP: UCanCode E-XD++ Visualization Enterprise Suite TKDrawCAD RotateShape Usage (ZDI-17-422)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "25357: ZDI-CAN-3907: Zero Day Initiative Vulnerability (UCanCode E-XD++ Visualization Enterprise Suite)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    27240: TCP: HPE Intelligent Management Center dbman Opcode 10005 Command Injection (ZDI-17-481,ZDI-17-483)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    27315: HTTP: Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal (ZDI-17-447,448)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27315: HTTP: Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal (ZDI-17-447)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    28320: RPC: RPCBind XDR Parsing Memory Exhaustion Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28320: RPC: RPCbind GetVersAddr Denial-of-Service Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    28613: HTTP: Microsoft Edge clip-path Use-After-Free Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Deployments updated and are now:
        - Deployment: Security-Optimized (Block / Notify)

    28740: HTTP: HPE IMC dnd Expression Language Injection Vulnerability (ZDI-17-675)
      - IPS Version: 3.2.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28740: ZDI-CAN-4853: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 29068: HTTP: Apache Struts 2 Struts 1 Plugin Remote Code Execution Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 29369: HTTP: Adobe Acrobat Reader WinAnsiEncoding Differences Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 7170: ARP: Address Invalid
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    28914: HTTP: HPE IMC operatorGroupSelectContent Code Injection Vulnerability (ZDI-17-688)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28914: HTTP: HPE ICM operatorGroupSelectContent Code Injection Vulnerability (ZDI-17-688)".

    * 29141: HTTP: HPE Intelligent Management Center Expression Code Injection (ZDI-17-652,ZDI-17-653,ZDI-17-654)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

  Removed Filters: None

Solution Id: TP000090484