Summary
Digital Vaccine #9046 December 12, 2017
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com
SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
Deployment of 3.2.0 DV
Customers with 10/110/330 systems that are running the 3.2.0 DV may see critical /usr partition usage errors in the system log. This is a benign, temporary message and the partition usage is immediately remedied as indicated by log messages following the error.
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before December 12, 2017. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE # | TippingPoint Filter # | Status
CVE-2017-11885 | 30092 |
CVE-2017-11886 | 30069 |
CVE-2017-11887 | 20792 |
CVE-2017-11888 | 30070 |
CVE-2017-11889 | 30075 |
CVE-2017-11890 | 30068 |
CVE-2017-11893 | 30076 |
CVE-2017-11894 | 30077 |
CVE-2017-11895 | 30078 |
CVE-2017-11899 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11901 | *29900 |
CVE-2017-11903 | 30079 |
CVE-2017-11905 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11906 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11907 | 30081 |
CVE-2017-11908 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11909 | 30082 |
CVE-2017-11910 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11911 | 30083 |
CVE-2017-11912 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11913 | *29786 |
CVE-2017-11914 | 30080 |
CVE-2017-11916 | 30085 |
CVE-2017-11918 | 30074 |
CVE-2017-11919 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11927 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11930 | 30086 |
CVE-2017-11932 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11934 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11935 | 30088 |
CVE-2017-11936 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11937 | 30093 |
CVE-2017-11939 | | Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9046.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9046.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
30058: HTTP: Oracle Identity Manager Security Bypass Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a security bypass vulnerability in Oracle Identity Manager.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Bugtraq ID: 101619
- Common Vulnerabilities and Exposures: CVE-2017-10151 CVSS 7.5
30068: HTTP: Microsoft jscript RegExp Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11890
30069: HTTP: Microsoft Internet Explorer VBScript ReDim Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11886
30070: HTTP: Microsoft Edge edgehtml.dll Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11888
30074: HTTP: Microsoft Edge Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11918
30075: HTTP: Microsoft Edge Array Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11889
30076: HTTP: Microsoft Edge Math Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11893
30077: HTTP: Microsoft Edge Regular Expression Integer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11894
30078: HTTP: Microsoft Edge Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11895
30079: HTTP: Microsoft Internet Explorer Array.prototype Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11903
30080: HTTP: Microsoft Edge Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11914
30081: HTTP: Microsoft Internet Explorer Array Sort Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11907
30082: HTTP: Microsoft Edge Array Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11909
30083: HTTP: Microsoft Edge ASM Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11911
30085: HTTP: Microsoft Edge Array Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11916
30086: HTTP: Microsoft Edge Array Integer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11930
30087: TCP: Oracle Tuxedo Jolt Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Oracle Tuxedo.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Bugtraq ID: 101870
- Common Vulnerabilities and Exposures: CVE-2017-10278 CVSS 6.8
30088: HTTP: Microsoft Excel Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free in Microsoft Office Excel.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11935
30092: SMB: Microsoft Windows iprtrmgr.dll Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11885
30093: HTTP: Microsoft Defender Archive Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Windows Defender.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2017-11937
30097: HTTP: Apache Struts 2 Suspicious ClassName in JSON Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects the use of a blacklisted class name in a JSON request.
- Deployment: Not enabled by default in any deployment.
- References:
- Bugtraq ID: 102021
- Common Vulnerabilities and Exposures: CVE-2017-15707, CVE-2017-7525
Modified Filters (logic changes):
* = Enabled in Default deployments
4804: HTTP: SQL Injection (Cookie Header)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 10916: HTTP: Malicious Adobe Shockwave Flash Player File Download
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 12807: HTTP: Adobe Reader TrueType Font MINDEX Integer Overflow Vulnerability (TPTI-12-03)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 13002: HTTP: Adobe Flash Player RegExp Heap Overflow Vulnerability
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 17110: HTTP: Microsoft Internet Explorer CSS Memory Corruption Vulnerability
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
19221: HTTP: Adobe Reader Malicious PDF Download
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 19379: HTTP: Red Hat Package Manager CPIO Header Buffer Overflow Vulnerability
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 19552: HTTP: Microsoft Windows Type-1 Font Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 19749: HTTP: Adobe Flash Malicious File Download
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 19760: HTTP: Malicious Jar File Download
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 19765: HTTP: Adobe Flash Malicious File Download (ZDI-15-134)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 19798: HTTP: Microsoft Excel pivotField Memory Corruption Vulnerability (ZDI-15-326)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 19871: HTTP: Adobe Flash Malicious File Download
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
19967: HTTP: Apple QuickTime SGI Image File Buffer Overflow Vulnerability (ZDI-15-292)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 19969: HTTP: Adobe Flash Malicious File Download
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 19993: HTTP: SAP 3D Visual Enterprise Viewer 3DM File Buffer Overflow Vulnerability (ZDI-15-526)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20032: HTTP: Proface GP-Pro EX Buffer Overflow Vulnerability (ZDI-16-003)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20033: HTTP: Proface GP-Pro EX Out-Of-Bounds Read Vulnerability (ZDI-16-004)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20059: HTTP: Microsoft Windows Malicious Executable Download
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 20107: HTTP: SAP 3D Visual Enterprise Viewer SketchUp document Use-After-Free Vulnerability (ZDI-16-173)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 20131: HTTP: SAP 3D Visual Enterprise Viewer SketchUp Document Use-After-Free Vulnerability (ZDI-16-174)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 20133: RFB: VNC Server Virtual Keyboard Command Injection Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 20137: HTTP: Adobe Reader Malicious PDF Download
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 20189: HTTP: Microsoft Windows Type Confusion Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "20189: HTTP: Microsoft Internet Explorer Type Confusion Vulnerability".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 20354: HTTP: Microsoft Internet Explore MutationObserver Use-After-Free Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20831: HTTP: Microsoft Excel Binary Worksheet Use-After-Free Vulnerability (ZDI-15-639)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 20987: HTTP: Adobe Reader DC Forms Out-Of-Bounds Read Vulnerability (ZDI-16-013)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 21001: HTTP: Borland AccuRev Reprise License Manager Buffer Overflow Vulnerability (ZDI-15-414)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
* 21011: HTTP: Microsoft Excel Use-After-Free Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 21324: HTTP: Adobe Acrobat Reader DC Fields Use-After-Free Vulnerability (ZDI-15-466)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
21900: HTTP: Adobe Flash AS2 Sound attachSound Use-After-Free Vulnerability (ZDI-15-560)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 21924: HTTP: Adobe Reader DC Out-Of-Bounds Indexing Vulnerability (ZDI-16-191)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 21925: HTTP: Adobe Reader JPEG2000 Out-Of-Bounds Indexing Vulnerability (ZDI-16-014)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
21939: HTTP: Adobe Flash MPEG-4 Out-of-Bounds Read Vulnerability (ZDI-15-658)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
22004: HTTP: Microsoft Windows Uniscribe Integer Underflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
22071: HTTP: Microsoft Excel Use-After-Free Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
22072: HTTP: Microsoft Word Out-of-Bounds Read Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
22075: HTTP: Microsoft Word Use-After-Free Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 22168: HTTP: Adobe Reader GDI JavaScript Information Disclosure Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
22170: HTTP: Adobe Reader JPEG Use-After-Free Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
22196: HTTP: Apple iTunes m3u Playlist Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 22225: HTTP: Adobe Flash M3U8 Buffer Overflow Vulnerability (ZDI-15-636)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
22295: HTTP: Adobe Flash MPEG-4 Uninitialized Pointer Vulnerability (ZDI-15-662)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
22297: HTTP: Adobe Flash MPEG-4 Out-of-Bounds Read Vulnerability (ZDI-15-661)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 22304: SMB: Microsoft Windows COMSVCS.DLL Insecure Library Loading Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
22600: HTTP: Adobe Acrobat Reader DC CoolType Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
22601: HTTP: Adobe Acrobat Reader DC CoolType Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
23771: HTTP: Adobe Flash Out-of-Bounds Read Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
24039: HTTP: Panasonic FPWIN Pro SCTASK Out-of-Bounds Write Vulnerability (ZDI-16-337)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 24086: HTTP: Adobe Reader PICT Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 24398: HTTP: Schneider Electric U.motion Builder Authentication Bypass Vulnerability (ZDI-17-372)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "24398: ZDI-CAN-3643: Zero Day Initiative Vulnerability (Schneider Electric U.motion Builder)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 24402: HTTP: Schneider Electric U.motion Builder editscript Directory Traversal Vulnerability (ZDI-17-376)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "24402: ZDI-CAN-3647: Zero Day Initiative Vulnerability (Schneider Electric U.motion Builder)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 24651: HTTP: Fatek Automation FvDesigner Buffer Overflow Vulnerability (ZDI-16-634)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
24659: HTTP: Adobe Reader CLUT Integer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 24727: HTTP: Adobe Acrobat Reader U3D Texture Parsing Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 24808: HTTP: Microsoft Edge PDF Out-of-Bounds Memory Access Vulnerability (ZDI-16-369)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 24813: HTTP: Microsoft Windows ProcessFontDisablePolicy Privilege Escalation Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 24814: HTTP: Microsoft Windows OpenType Font ATMFD.DLL Privilege Escalation Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
24983: HTTP: Microsoft Word wwlib Out-of-Bounds Memory Access Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
24987: HTTP: Microsoft Windows win32k.sys Privilege Escalation Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 24993: HTTP: Symantec Multiple Products ASPack Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 25169: HTTP: Microsoft Windows clfs.sys BLF Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 25176: HTTP: Microsoft Windows Win32k-GDI Privilege Escalation Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 25230: HTTP: Microsoft Windows tm.sys BLF Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 25232: HTTP: Microsoft Windows win32kfull.sys Use-After-Free Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 25321: HTTP: Adobe Reader DC Font Engine Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
25326: HTTP: Adobe Reader DC JavaScript eval Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 25622: HTTP: Microsoft Windows Graphics Component Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 25625: TLS: IBM Cognos TM1 Admin Server and Cognos Express tm1admsd.exe Buffer Overflow (ZDI-12-101)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
25723: HTTP: Microsoft Windows OTF CMAP Table Information Disclosure Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26175: HTTP: Microsoft PowerPoint FontEmbedDataBlob Out-of-Bounds Read Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
26176: HTTP: Microsoft Excel CrtMlFrt Out-of-Bounds Read Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
26411: HTTP: Advantech WebAccess TpMegaJVT Set_MD_Mode Buffer Overflow Vulnerability (ZDI-17-527)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "26411: ZDI-CAN-4091: Zero Day Initiative Vulnerability (Advantech WebAccess)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
26414: TCP: Advantech WebAccess VideoDAQ SDFile Buffer Overflow Vulnerability (ZDI-17-540, ZDI-17-546)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "26414: ZDI-CAN-4095,4096: Zero Day Initiative Vulnerability (Advantech WebAccess)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
26416: HTTP: Advantech WebAccess nvA1Media Caption Buffer Overflow Vulnerability (ZDI-17-539)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "26416: ZDI-CAN-4097: Zero Day Initiative Vulnerability (Advantech WebAccess)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
26482: HTTP: Advantech WebAccess TpMegaJVT startSoundRecord Connect Buffer Overflow (ZDI-17-543)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "26482: ZDI-CAN-4089: Zero Day Initiative Vulnerability (Advantech WebAccess)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 27046: HTTP: Microsoft Windows PDF Library Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
27059: HTTP: Microsoft Edge AsmJs Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
27116: HTTP: Microsoft Excel File Recovery Use-After-Free Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 27117: HTTP: Microsoft Excel Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
27379: HTTP: Microsoft Edge AsmJs Memory Corruption Vulnerability (ZDI-17-173)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 27822: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-583)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
27935: SMB: DoublePulsar Backdoor
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 28035: HTTP: Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-577)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
28097: SIP: Digium Asterisk CDR Multiple Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28097: SIP: Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow Vulnerability".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
28098: SIP: Digium Asterisk CDR Multiple Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28098: SIP: Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow Vulnerability".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 28198: HTTP: Microsoft Windows Kernel Privilege Escalation Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 28200: HTTP: Microsoft Windows Kernel Information Disclosure Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 28211: HTTP: HPE Operations Orchestration Deserialization Code Execution (ZDI-17-715, ZDI-17-716)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
* 28228: HTTP: Trend Micro InterScan Messaging Security Proxy Command Injection Vulnerability(ZDI-17-502,504)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 28287: HTTP: HPE Intelligent Management Center Insecure Deserialization (ZDI-17-831-33,ZDI-17-850-55)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "28287: ZDI-CAN-4759-4761: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 28481: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Information Disclosure Vulnerability (ZDI-17-616)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 28612: HTTP: Mozilla Firefox Animated PNG Integer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 28669: HTTP: Adobe Flash PNG Image IHDR Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 28798: HTTP: Microsoft Edge PDF Library Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 29151: HTTP: Microsoft Internet Explorer and Excel Urlmon Information Disclosure Vulnerability (ZDI-17-847)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 29152: HTTP: Microsoft Windows Font Embedding Information Disclosure Vulnerability (ZDI-17-841)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 29153: HTTP: Microsoft Office PowerPoint Use-After-Free Vulnerability (ZDI-17-732)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29153: HTTP: Microsoft Office Powerpoint Use-After-Free Vulnerability (ZDI-17-732)".
- Description updated.
- Detection logic updated.
29366: HTTP: Adobe Acrobat Pro DC ImageConversion Information Disclosure Vulnerability (ZDI-17-623)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
29781: HTTP: Apple Safari Node Use-After-Free Vulnerability (ZDI-17-920)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29781: ZDI-CAN-5096: Zero Day Initiative Vulnerability (Apple Safari)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 29784: HTTP: Microsoft Excel Use-After-Free Vulnerability (ZDI-17-915)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 29786: HTTP: Microsoft Windows VBScript VT_BSTR Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29786: ZDI-CAN-5111,5243: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 29795: ZDI-CAN-5113: Zero Day Initiative Vulnerability (Microsoft Office Publisher)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Detection logic updated.
* 29866: HTTP: Apache Solr xmlparser XML External Entity Expansion Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
29882: ZDI-CAN-5286: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Detection logic updated.
* 29900: HTTP: Microsoft Chakra Javascript Array JIT Optimization Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29900: ZDI-CAN-5242: Zero Day Initiative Vulnerability (Microsoft Chakra)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
29938: ZDI-CAN-5144: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Detection logic updated.
* 34157: HTTP: Adobe Flash SWF Out-of-Bounds Read Vulnerability (ZDI-16-516)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 43747: HTTP: Adobe Flash FLV Tag Length Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
Modified Filters (metadata changes only):
* = Enabled in Default deployments
20792: HTTP: Microsoft Windows VBScript Join Function Use-After-Free Vulnerability (ZDI-15-591)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Vulnerability references updated.
25171: HTTP: Microsoft Edge Array Buffer Overflow Vulnerability (ZDI-16-535,ZDI-17-172,ZDI-17-171)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Vulnerability references updated.
26191: HTTP: Advantech WebAccess RtspVapgDecoderNew2 Buffer Overflow Vulnerability (ZDI-17-549, ZDI-17-560)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "26191: ZDI-CAN-4068,4075: Zero Day Initiative Vulnerability (Advantech WebAccess)".
- Description updated.
- Vulnerability references updated.
26412: HTTP: Advantech WebAccess TpMegaJVT CreateSound Buffer Overflow Vulnerability (ZDI-17-535)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "26412: ZDI-CAN-4092: Zero Day Initiative Vulnerability (Advantech WebAccess)".
- Description updated.
- Vulnerability references updated.
26413: HTTP: Advantech WebAccess TpMegaJVT CreateStream Buffer Overflow Vulnerability (ZDI-17-534)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "26413: ZDI-CAN-4093: Zero Day Initiative Vulnerability (Advantech WebAccess)".
- Description updated.
- Vulnerability references updated.
26415: HTTP: Advantech WebAccess bwocxrun OpenUrlToBufferTimeout Buffer Overflow Vulnerability (ZDI-17-536)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "26415: ZDI-CAN-4094: Zero Day Initiative Vulnerability (Advantech WebAccess)".
- Description updated.
- Vulnerability references updated.
26417: HTTP: Advantech WebAccess nvA1Media Connect Buffer Overflow (ZDI-17-525,526,528,538,548,550,551,553)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "26417: ZDI-CAN-4098-4109: Zero Day Initiative Vulnerability (Advantech WebAccess)".
- Description updated.
- Vulnerability references updated.
26481: HTTP: Advantech WebAccess TpMegaJVT setCameraName Buffer Overflow Vulnerability (ZDI-17-561)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "26481: ZDI-CAN-4110: Zero Day Initiative Vulnerability (Advantech WebAccess)".
- Description updated.
- Vulnerability references updated.
* 28006: HTTP: Trend Micro OfficeScan Proxy Command Injection Vulnerability (ZDI-17-521, ZDI-17-522)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Miscellaneous modification.
29553: HTTP: Foxit Reader Multiple Type Confusion Vulnerabilities (ZDI-17-872,ZDI-17-879,ZDI-17-881)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29553: ZDI-CAN-5020,5027,5029: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Vulnerability references updated.
29555: HTTP: Foxit Reader XFAScriptObject openList Type Confusion Vulnerability (ZDI-17-873)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29555: ZDI-CAN-5021: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Vulnerability references updated.
29556: HTTP: Foxit Reader XFAScriptObject setFocus Type Confusion Vulnerability (ZDI-17-874)
- IPS Version: 3.2.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29556: ZDI-CAN-5022: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Vulnerability references updated.
29566: HTTP: Foxit Reader Annotations modDate Use-After-Free Vulnerability (ZDI-17-880)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29566: ZDI-CAN-5028: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Vulnerability references updated.
29696: HTTP: Foxit Reader FormCalc closeDoc Type-Confusion Vulnerability (ZDI-17-883)
- IPS Version: 3.2.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29696: ZDI-CAN-5073: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Vulnerability references updated.
29768: HTTP: Foxit Reader XFA bind Use-After-Free Vulnerability (ZDI-17-886)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29768: ZDI-CAN-5091: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Vulnerability references updated.
29769: HTTP: Foxit Reader XFA field element Use-After-Free Vulnerability (ZDI-17-887)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29769: ZDI-CAN-5092: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Vulnerability references updated.
29772: HTTP: Foxit Reader Field alignment Use-After-Free Vulnerability (ZDI-17-888)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29772: ZDI-CAN-5094: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Vulnerability references updated.
* 29799: HTTP: Microsoft Chakra asm.js ArrayBuffer Use-After-Free Vulnerability (ZDI-17-848)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "29799: ZDI-CAN-5115: Zero Day Initiative Vulnerability (Microsoft Chakra)".
- Description updated.
- Vulnerability references updated.
Removed Filters: None