Summary
Digital Vaccine #9019 October 24, 2017
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9019.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9019.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
29696: ZDI-CAN-5073: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.2.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29750: SMB: SMB1 Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in SMB1.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Bugtraq ID: 100925
- Common Vulnerabilities and Exposures: CVE-2017-12163
29753: HTTP: Spring Data Rest Server PATCH Request Code Execution Vulnerability
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Spring Framework (Spring Data REST).
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8046
29759: HTTP: Cisco Prime Collaboration Provisioning Logs Directory Information Disclosure (ZDI-17-449)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Cisco Prime Collaboration Provisioning.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Bugtraq ID: 98526
- Common Vulnerabilities and Exposures: CVE-2017-6636 CVSS 4.0
- Zero Day Initiative: ZDI-17-449
29762: HTTP: Schneider Electric U.motion Builder syslog_getdata SQL Injection Vulnerability (ZDI-17-379)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Schneider Electric U.motion Builder.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Zero Day Initiative: ZDI-17-379
29763: HTTP: Schneider Electric U.motion Builder track_getdata SQL Injection Vulnerability (ZDI-17-382)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Schneider Electric U.motion Builder.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Zero Day Initiative: ZDI-17-382
29764: HTTP: Schneider Electric U.motion Builder editobject SQL Injection Vulnerability (ZDI-17-384)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Schneider Electric U.motion Builder.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Zero Day Initiative: ZDI-17-384
29765: HTTP: Microsoft Internet Explorer NewMessage Privilege Escalation Vulnerability (ZDI-16-018)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Internet Explorer.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2016-0020
- Microsoft Security Bulletin: MS16-007
- Zero Day Initiative: ZDI-16-018
29767: ZDI-CAN-5087: Zero Day Initiative Vulnerability (Novell NetIQ Access Manager)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: High
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Novell NetIQ Access Manager.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29768: ZDI-CAN-5091: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29769: ZDI-CAN-5092: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29770: ZDI-CAN-5093: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: High
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Intelligent Management Center.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
29772: ZDI-CAN-5094: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29776: OpenVPN: OpenVPN read_key Stack Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in OpenVPN.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Bugtraq ID: 101153
- Common Vulnerabilities and Exposures: CVE-2017-12166 CVSS 6.8
29778: HTTP: DenyAll Web Application Firewall Debug Authentication
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to obtain authentication information in DenyAll Web Application Firewall.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2017-14706 CVSS 7.5
29780: ZDI-CAN-5095: Zero Day Initiative Vulnerability (Belkin Wemo Link)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Belkin Wemo Link.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29781: ZDI-CAN-5096: Zero Day Initiative Vulnerability (Apple Safari)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apple Safari.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29783: ZDI-CAN-5104: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting NetGain Systems Enterprise Manager.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
29784: ZDI-CAN-5105: Zero Day Initiative Vulnerability (Microsoft Office Excel)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
29785: ZDI-CAN-5107: Zero Day Initiative Vulnerability (Trend Micro Control Manager)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Control Manager.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
29786: ZDI-CAN-5111: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
29794: ZDI-CAN-5112: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
29795: ZDI-CAN-5113: Zero Day Initiative Vulnerability (Microsoft Office Publisher)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Publisher.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
29796: ZDI-CAN-5114: Zero Day Initiative Vulnerability (Microsoft Chakra)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Chakra.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
Modified Filters (logic changes):
* = Enabled in Default deployments
6377: HTTP: Microsoft Word/Excel Document with Embedded Macros Download
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20792: HTTP: Microsoft Windows VBScript Join Function Use-After-Free Vulnerability (ZDI-15-591)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
20815: HTTP: Microsoft Windows VBScript Filter Function Use-After-Free Vulnerability (ZDI-15-592)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
* 27807: HTTP: Cisco License Manager Server ReportCSV Directory Traversal Vulnerability (ZDI-17-837)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "27807: ZDI-CAN-4635: Zero Day Initiative Vulnerability (Cisco License Manager Server)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
28465: SMB: Linux Samba Code Execution Vulnerability (EternalRed)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 28473: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-606)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
Modified Filters (metadata changes only):
* = Enabled in Default deployments
6763: HTTP: Wget Web Page Retrieval Attempt
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Deployments updated and are now:
- Deployment: Performance-Optimized (Block / Notify)
* 22110: HTTP: Adobe Acrobat DC/Foxit Reader XFA FormCalc Integer Overflow Vulnerability (ZDI-16-028,286)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "22110: HTTP: Adobe Acrobat Reader DC/Foxit Reader XFA FormCalc Integer Overflow Vulnerability (ZDI-16-028)".
- Description updated.
- Vulnerability references updated.
* 25327: HTTP: Adobe Flash sendEvent Use-After-Free Vulnerability (ZDI-16-569)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "25327: HTTP: Adobe Flash sendEvent Use-After-Free Vulnerability".
- Description updated.
- Vulnerability references updated.
* 25740: HTTP: Adobe Flash AVSegmentedSource Use-After-Free Vulnerability (ZDI-16-596)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "25740: HTTP: Adobe Flash AVSegmentedSource Use-After-Free Vulnerability".
- Description updated.
- Vulnerability references updated.
26703: LDAP: Samba NDR Parsing ndr_pull_dnsp_name Integer Overflow Vulnerability (ZDI-17-053)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "26703: LDAP: Samba NDR Parsing ndr_pull_dnsp_name Integer Overflow Vulnerability".
- Description updated.
- Vulnerability references updated.
27239: TCP: HPE Intelligent Management Center dbman Opcode 10006 Command Injection (ZDI-17-339)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Vulnerability references updated.
28915: HTTP: HPE IMC wmiConfigContent Code Injection Vulnerability (ZDI-17-690)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Vulnerability references updated.
29600: HTTP: Microsoft .NET SOAP Command Injection Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Miscellaneous modification.
29738: HTTP: Apache Tomcat HTTP PUT Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Miscellaneous modification.
29747: HTTP: DenyAll Web Application Firewall Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Vulnerability references updated.
29771: HTTP: Adobe Flash BufferControlParameters Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
Removed Filters: None
Support Information
Trend Micro™ TippingPoint is committed to providing quality customer support for our products. If you require assistance, contact the TippingPoint Technical Assistance Center (TAC). To expedite your support request, have your device certificate number (CERT) and the software version of your product ready. Updated contact information is available online.
Business Support Portal (BSP)
Trend Micro™ TippingPoint provides an online support portal for its customers. This tool lets customers create and manage support cases; it also enhances case management and collaboration by guiding you to product-specific solutions, self-help and technical assistance. You can reach the BSP from the Threat Management Center (TMC) website by navigating to Support → Business Support Portal (BSP) or directly by going to https://success.trendmicro.com/sign-in. In order to register for the portal, you will need to have a current Trend Micro™ TippingPoint device certificate number (CERT) or Activation Code (AC). If you need assistance locating your device CERT number, contact the Trend Micro TippingPoint Technical Assistance Center (TAC) for additional information.