Digital Vaccine #9047

Updated: 22 Dec 2017
Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9047      December 19, 2017
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Deployment of 3.2.0 DV
Customers with 10/110/330 systems that are running the 3.2.0 DV may see critical /usr partition usage errors in the system log. This is a benign, temporary message and the partition usage is immediately remedied as indicated by log messages following the error.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9047.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9047.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
  New Filters:


    29943: ZDI-CAN-5149: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29944: ZDI-CAN-5150: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    29945: ZDI-CAN-5151: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    30062: HTTP: Red Hat JBoss doFilter Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Red Hat JBoss.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 100591
        - Common Vulnerabilities and Exposures: CVE-2017-12149 CVSS 7.5

    30094: SMTP: Exim BDAT Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Exim BDAT.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-16943 CVSS 7.5

    30095: SMTP: Exim BDAT Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Exim BDAT.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-16944 CVSS 5.0

    30123: TLS: Server Fatal Alert Record (ROBOT)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a TLS Server Fatal Alert record.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2016-6883, CVE-2017-1000385, CVE-2017-13098, CVE-2017-17382, CVE-2017-17427, CVE-2017-17428, CVE-2017-6168

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    10894: HTTP: Adobe Acrobat Reader ACE.dll ICC mluc Integer Overflow
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 11381: HTTP: Malicious PDF Document Download
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    13666: HTTP: Adobe Flash Player SharedObject Use-After-Free Vulnerability
      - IPS Version: 3.1.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    19559: HTTP: Microsoft Windows OpenType Font LZCOMP Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 19880: HTTP: Adobe Reader CoolType Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 19994: HTTP: SAP 3D Visual Enterprise Viewer JPEG2000 File Out-Of-Bounds Indexing (ZDI-15-529)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 20070: HTTP: Proface GP-Pro EX D-Script Buffer Overflow Vulnerability (ZDI-16-006)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 20299: HTTP: Adobe Acrobat Reader DC AcroForm Buffer Overflow Vulnerability (ZDI-15-476)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    20329: HTTP: Microsoft Windows Malicious OpenType Font File Download
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    20445: HTTP: Adobe Flash Malicious File Download
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 20823: HTTP: Microsoft Windows PDF Library Memory Corruption Vulnerability (ZDI-16-156)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "20823: HTTP: Microsoft Windows PDF Library Memory Corruption Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    21329: HTTP: Microsoft Edge TextData Type Confusion Information Disclosure Vulnerability (ZDI-16-019)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    21938: HTTP: Adobe Flash MPEG-4 Use-After-Free Vulnerability (ZDI-15-657)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    22298: HTTP: Adobe Flash MPEG-4 Out-of-Bounds Read Vulnerability (ZDI-15-659)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 22299: HTTP: Adobe Flash global init Use-After-Free Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    22602: HTTP: Adobe Acrobat Reader DC Graphic State Parameter Dictionaries Use-After-Free Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 22806: HTTP: Panasonic FPWIN Pro OPNISAMX Buffer Overflow Vulnerability (ZDI-16-330)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    22812: HTTP: Adobe Reader DC XFA preOpen Event Use-After-Free Vulnerability (ZDI-16-297)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    23761: HTTP: Adobe Flash FLV Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    23766: HTTP: Adobe Flash FLV Video File Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    23780: HTTP: Adobe Flash BlurFilter Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 24077: HTTP: Adobe Reader U3D Texture psd RLE Decompression Vulnerability (ZDI-11-069)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 24139: HTTP: Microsoft Windows popupmenu Use-After-Free Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 24548: HTTP: Microsoft Windows Information Disclosure Vulnerability (Pwn2Own ZDI-16-281)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    24660: HTTP: Adobe Acrobat Reader CLOD Memory Corruption Vulnerability (ZDI-10-116)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    24662: HTTP: Adobe Reader U3D ShadingModifierBlock Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    24695: HTTP: Adobe Reader ICC Parsing Buffer Overflow Vulnerability (ZDI-10-191)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    24702: HTTP: Adobe Reader memset Memory Corruption Vulnerability (ZDI-11-065)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 24745: HTTP: Mozilla Firefox ClearKeyDecryptor Buffer Overflow Vulnerability (ZDI-16-673)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    24805: HTTP: Microsoft Office XLS File Format Information Disclosure Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    24989: HTTP: Microsoft Windows win32k.sys Privilege Escalation Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 25159: HTTP: Microsoft Windows ExtTextOut Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 25170: HTTP: Microsoft Windows clfs.sys BLF Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    25333: HTTP: Adobe Reader DC Global Use-After-Free Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 25339: HTTP: Adobe Reader DC XFA CPDField Use-After-Free Vulnerability (ZDI-16-559)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    25368: HTTP: Delta Industrial Automation ISPSoft DVP File Parsing Buffer Overflow Vulnerability(ZDI-16-655)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    25369: HTTP: Delta Industrial Automation WPLSoft DVP File Parsing Buffer Overflow Vulnerability(ZDI-16-656)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    25370: HTTP: Delta Industrial Automation WPLSoft DVP File Parsing Buffer Overflow Vulnerability(ZDI-16-657)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 25373: HTTP: Adobe Digital Editions FlateDecode Out-of-Bounds Read Vulnerability (ZDI-16-636)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 25446: HTTP: Adobe Acrobat JPEG2000 Parsing Out-Of-Bounds Read Vulnerability (ZDI-16-573)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 26118: HTTP: Microsoft Internet Explorer textContent Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    26177: HTTP: Microsoft Excel BrtRangeProtection Information Disclosure Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 26273: ZDI-CAN-3979: Zero Day Initiative Vulnerability (Adobe Digital Editions)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Detection logic updated.

    * 26275: HTTP: Adobe Digital Editions PDF Parsing Out-of-Bounds Read Vulnerability (ZDI-17-105)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    26401: HTTP: Advantech WebAccess TpMegaJVT startSoundRecord Buffer Overflow Vulnerability (ZDI-17-530)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "26401: ZDI-CAN-4087: Zero Day Initiative Vulnerability (Advantech WebAccess)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    26402: HTTP: Advantech WebAccess TpMegaJVT createStream Buffer Overflow Vulnerability (ZDI-17-559)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "26402: ZDI-CAN-4086: Zero Day Initiative Vulnerability (Advantech WebAccess)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 27410: HTTP: Apache Struts Multipart Encoding Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    28028: RPC: Oracle Solaris XDR Buffer Overflow Vulnerability (EbbisLand)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    28189: HTTP: Microsoft Windows COM Privilege Escalation Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 28220: HTTP: Microsoft Windows OTL Font Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-405)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 28231: HTTP: HPE Intelligent Management Center PLAT flexFileUpload File Upload Vulnerability (ZDI-17-849)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "28231: ZDI-CAN-4758: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Severity changed from "High" to "Critical".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    28478: HTTP: Adobe Acrobat Pro DC PDF Annotation Use-After-Free Vulnerability (ZDI-17-633)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    28548: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Vulnerability (ZDI-17-598)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 29148: HTTP: Cisco Prime Network Analysis Module graph sfile Directory Traversal Vulnerability (ZDI-17-918)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29148: ZDI-CAN-4918: Zero Day Initiative Vulnerability (Cisco Prime Network Analysis Module)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    29559: HTTP: Foxit Reader Circle Annotations author Use-After-Free Vulnerability (ZDI-17-875)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29559: ZDI-CAN-5023: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    29599: HTTP: Microsoft Office Excel .xlsb Buffer Overflow Vulnerability (ZDI-17-727)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    29634: ZDI-CAN-5035: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Detection logic updated.

    29864: ZDI-CAN-5268: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Detection logic updated.

    29873: ZDI-CAN-5275: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Detection logic updated.

    29877: ZDI-CAN-5283: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Detection logic updated.

    29878: ZDI-CAN-5284: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Detection logic updated.

    29883: ZDI-CAN-5287: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Detection logic updated.

    29936: ZDI-CAN-5142: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Detection logic updated.

    30097: HTTP: Apache Struts 2 Suspicious ClassName in Jackson Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30097: HTTP: Apache Struts 2 Suspicious ClassName in JSON Request".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 30598: HTTP: Adobe Reader DC FlateDecode Parsing Out-Of-Bounds Read Vulnerability (ZDI-16-574)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    26194: HTTP: Advantech WebAccess nvA1Media Buffer Overflow Vulnerability (ZDI-17-537,547,552,555,566)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "26194: ZDI-CAN-4069,4070,4071,4076,4077: Zero Day Initiative Vulnerability (Advantech WebAccess)".
      - Description updated.
      - Vulnerability references updated.

    26397: HTTP: Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Buffer Overflow(ZDI-17-545,ZDI-17-564)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "26397: ZDI-CAN-4080,4081: Zero Day Initiative Vulnerability (Advantech WebAccess)".
      - Description updated.
      - Vulnerability references updated.

    26398: HTTP: Advantech WebAccess RtspVapgDecoderNew2 Buffer Overflow (ZDI-17-529,541,558,562)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "26398: ZDI-CAN-4082-4085: Zero Day Initiative Vulnerability (Advantech WebAccess)".
      - Description updated.
      - Vulnerability references updated.

    26403: HTTP: Advantech WebAccess TpMegaJVT getSectionValue createStream Buffer Overflow (ZDI-17-533)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "26403: ZDI-CAN-4088: Zero Day Initiative Vulnerability (Advantech WebAccess)".
      - Description updated.
      - Vulnerability references updated.

    26409: HTTP: Advantech WebAccess TpMegaJVT setGroupIp Buffer Overflow Vulnerability (ZDI-17-544)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "26409: ZDI-CAN-4090: Zero Day Initiative Vulnerability (Advantech WebAccess)".
      - Description updated.
      - Vulnerability references updated.

    * 28286: HTTP: Trend Micro Mobile Security for Enterprise SQL Injection (ZDI-17-737,739-741,743-744,747-748)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    29523: HTTP: Foxit Reader Annotations arrowEnd Use-After-Free Vulnerability (ZDI-17-859)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29523: ZDI-CAN-4979: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29524: HTTP: Foxit Reader Field value Use-After-Free Vulnerability (ZDI-17-860)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29524: ZDI-CAN-4980: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29531: HTTP: Foxit Reader Link setAction Use-After-Free Vulnerability (ZDI-17-861)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29531: ZDI-CAN-4981: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29544: HTTP: Foxit Reader XFAScriptObject insert Type Confusion Vulnerability (ZDI-17-868)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29544: ZDI-CAN-5016: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29545: HTTP: Foxit Reader XFAScriptObject remove Type Confusion Vulnerability (ZDI-17-869)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29545: ZDI-CAN-5017: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29546: HTTP: Foxit Reader XFA Nodes formNodes Type Confusion Vulnerability (ZDI-17-870)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29546: ZDI-CAN-5018: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29552: HTTP: Foxit Reader XFA Nodes append Type Confusion Vulnerability (ZDI-17-871)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29552: ZDI-CAN-5019: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29563: HTTP: Foxit Reader Caret Annotations style Use-After-Free Vulnerability (ZDI-17-876)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29563: ZDI-CAN-5024: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29564: HTTP: Foxit Reader Text Annotations style Use-After-Free Vulnerability (ZDI-17-877)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29564: ZDI-CAN-5025: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29565: HTTP: Foxit Reader FileAttachment Annotations style Use-After-Free Vulnerability (ZDI-17-878)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29565: ZDI-CAN-5026: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29849: HTTP: Foxit Reader XFA picture Type Confusion Vulnerability (ZDI-17-889)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29849: ZDI-CAN-5216: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29885: HTTP: Foxit Reader clearItems Type Confusion Vulnerability (ZDI-17-893)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29885: ZDI-CAN-5288: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29886: HTTP: Foxit Reader util printf Out-Of-Bounds Read Vulnerability (ZDI-17-895)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29886: ZDI-CAN-5290: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29888: HTTP: Foxit Reader App response Use-After-Free Vulnerability (ZDI-17-896)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29888: ZDI-CAN-5294: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29889: HTTP: Foxit Reader addAnnot Use-After-Free Vulnerability (ZDI-17-897)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29889: ZDI-CAN-5295: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    29895: HTTP: Foxit Reader removeField Use-After-Free Vulnerability (ZDI-17-898)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29895: ZDI-CAN-5296: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

  Removed Filters: None
  

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000098570