Summary
Digital Vaccine #9033 November 14, 2017
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.

System Requirements
--------------------------
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.

Microsoft Security Bulletins
--------------------------
This DV includes coverage for the Microsoft vulnerabilities released on or before November 14, 2017. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE # | TippingPoint Filter # | Status
--- | --- | ---
CVE-2017-11768 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11770 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11788 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11791 | 29921 |
CVE-2017-11803 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11827 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11830 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11831 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11832 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11833 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11834 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11835 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11836 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11837 | 29923 |
CVE-2017-11838 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11839 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11840 | 29926 |
CVE-2017-11841 | 29933 |
CVE-2017-11842 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11843 | 29931 |
CVE-2017-11844 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11845 | 29930 |
CVE-2017-11846 | 29932 |
CVE-2017-11847 | 29924 |
CVE-2017-11848 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11849 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11850 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11851 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11852 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11853 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11854 | 29929 |
CVE-2017-11855 | 29918 |
CVE-2017-11856 | *29744 |
CVE-2017-11858 | *29832 |
CVE-2017-11861 | 29925 |
CVE-2017-11862 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11863 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11866 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11867 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11869 | *29794 |
CVE-2017-11870 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11871 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11872 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11873 | 29927 |
CVE-2017-11874 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11876 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11877 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11878 | *29784 |
CVE-2017-11879 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11880 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11882 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11883 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8700 | | Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.

The Digital Vaccine can be manually downloaded from the following URLs:
- https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9033.pkg
- https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9033.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
29918: HTTP: Microsoft Internet Explorer TypeError Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11855
29921: HTTP: Microsoft Edge removeEventListener Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11791
29923: HTTP: Microsoft Edge Array Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11837
29924: HTTP: Microsoft Windows Kernel Privilege Escalation Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11847
29925: HTTP: Microsoft Edge Typed Array Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11861
29926: HTTP: Microsoft Edge Array Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11840
29927: HTTP: Microsoft Edge Typed Array Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11873
29929: HTTP: Microsoft Word RTF Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Word.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11854
29930: HTTP: Microsoft Edge transition-property Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11845
29931: HTTP: Microsoft Edge getOwnPropertyDescriptor Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11843
29932: HTTP: Microsoft Chakra textarea Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Chakra.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11846
29933: HTTP: Microsoft Edge Call Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11841
29934: ZDI-CAN-5140: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29935: ZDI-CAN-5141: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29936: ZDI-CAN-5142: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29937: ZDI-CAN-5143: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
29938: ZDI-CAN-5144: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29939: ZDI-CAN-5145: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
29958: HTTP: MANTISTEK Cloud Driver Reporting Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.1.0 and after.
- TPS Version: Not available.
- vTPS Version: Not available.
- Category: Security Policy
- Severity: Low
- Description: This filter detects usage of the MANTISTEK Cloud Driver over the HTTP protocol.
- Deployment: Not enabled by default in any deployment.
Modified Filters (logic changes):
* = Enabled in Default deployments
25458: HTTP: Flexense DiskPulse Enterprise Server Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 28031: HTTP: Flexense Multiple Product Import Command Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 28311: HTTP: Trend Micro Mobile Security for Enterprise database_name SQL Injection (ZDI-17-791)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28311: ZDI-CAN-4786: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 28312: HTTP: Trend Micro Mobile Security for Enterprise edit_eas_note SQL Injection (ZDI-17-795)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28312: ZDI-CAN-4791: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 28313: HTTP: Trend Micro Mobile Security for Enterprise SQL Injection Vulnerability (ZDI-17-796,797,799)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28313: ZDI-CAN-4792-4793,4796: Zero Day Initiative Vulnerability (Trend Micro Mobile Security)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 28317: HTTP: Trend Micro Mobile Security for Enterprise delete_user SQL Injection Vulnerability (ZDI-17-798)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28317: ZDI-CAN-4794: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 28462: HTTP: Trend Micro Mobile Security for Enterprise SQL Injection Vulnerability (ZDI-17-758,769,780)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28462: ZDI-CAN-4661,4690,4673: Zero Day Initiative Vulnerability (Trend Micro Mobile Security)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
28465: SMB: Linux Samba Code Execution Vulnerability (EternalRed)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 28536: HTTP: Trend Micro Mobile Security for Enterprise invite_devices SQL Injection (ZDI-17-749)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28536: ZDI-CAN-4652: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
29744: HTTP: Microsoft Windows JavaScript Array Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29744: ZDI-CAN-5077: Zero Day Initiative Vulnerability (Microsoft Edge)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 29766: HTTP: Microsoft Office OOXML Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 29832: HTTP: Microsoft Chakra Regular Expression Integer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29832: ZDI-CAN-5198: Zero Day Initiative Vulnerability (Microsoft Chakra)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
Modified Filters (metadata changes only):
* = Enabled in Default deployments
* 26410: HTTP: Microsoft Word RTF Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category changed from "Vulnerabilities" to "Exploits".
* 27484: HTTP: Microsoft Word RTF Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category changed from "Vulnerabilities" to "Exploits".
* 29784: HTTP: Microsoft Excel Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29784: ZDI-CAN-5105: Zero Day Initiative Vulnerability (Microsoft Office Excel)".
- Description updated.
- Vulnerability references updated.
* 29794: HTTP: Microsoft Windows VBScript Join Function Integer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29794: ZDI-CAN-5112: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Description updated.
- Vulnerability references updated.
Removed Filters: None