Summary
Digital Vaccine #9086 April 10, 2018
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com
SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before April 10, 2018. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE # | TippingPoint Filter # | Status |
CVE-2018-0870 | 31038 | |
CVE-2018-0871 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0887 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0890 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0892 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0920 | 31039 | |
CVE-2018-0950 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0956 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0957 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0960 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0963 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0964 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0966 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0967 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0968 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0969 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0970 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0971 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0972 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0973 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0974 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0975 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0976 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0979 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0980 | 31040 | |
CVE-2018-0981 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0986 | 31136 | |
CVE-2018-0987 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0988 | 31041 | |
CVE-2018-0989 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0990 | 31061 | |
CVE-2018-0991 | 31061 | |
CVE-2018-0993 | 31043 | |
CVE-2018-0994 | 31044 | |
CVE-2018-0995 | 31060 | |
CVE-2018-0996 | 31069 | |
CVE-2018-0997 | 31076 | |
CVE-2018-0998 | 31077 | |
CVE-2018-1000 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1001 | 31075 | |
CVE-2018-1002 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1003 | 31079 | |
CVE-2018-1004 | 31080 | |
CVE-2018-1005 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1007 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1008 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1009 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1010 | 31081 | |
CVE-2018-1011 | 31074 | |
CVE-2018-1012 | 31072 | |
CVE-2018-1013 | 31070 | |
CVE-2018-1014 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1015 | 31067 | |
CVE-2018-1016 | 31064 | |
CVE-2018-1018 | 31060 | |
CVE-2018-1019 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1020 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1022 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1023 | 31062 | |
CVE-2018-1026 | 31063 | |
CVE-2018-1027 | 31066 | |
CVE-2018-1028 | 31073 | |
CVE-2018-1029 | 31068 | |
CVE-2018-1030 | 31071 | |
CVE-2018-1032 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1034 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1037 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8116 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8117 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
Filters marked with * shipped prior to this DV, providing zero-day protection.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9086.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9086.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
30730: UDP: Heimdal KDC ASN1 DER Length Denial-of-Service Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Heimdal, a Kerberos implementation.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2017-17439 CVSS 5.0

30919: HTTP: HP Application Lifecycle Management ActiveX Insecure Method Exposure Vulnerability(ZDI-12-170)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an insecure method exposure vulnerability in HP Application Lifecycle Management.
- Deployment: Not enabled by default in any deployment.
- References:
  - Zero Day Initiative: ZDI-12-170

30944: TNS: Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle Warehouse Builder.
- Deployment: Not enabled by default in any deployment.
- References:
  - Bugtraq ID: 47431
  - Common Vulnerabilities and Exposures: CVE-2011-0799 CVSS 6.5

30952: Gopher: Squid Proxy Gopher Response Processing Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Squid Proxy.
- Deployment: Not enabled by default in any deployment.
- References:
  - Bugtraq ID: 49356
  - Common Vulnerabilities and Exposures: CVE-2011-3205 CVSS 6.8

30954: HTTP: Microsoft Windows Shell Zip File Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit a code execution vulnerability in the Microsoft Windows Shell component.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Bugtraq ID: 103259
  - Common Vulnerabilities and Exposures: CVE-2018-0883

31015: NNTP: InterNetNews NULL Path Denial-of-Service Vulnerabilities
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: The filter detects an attempt to exploit a denial-of-service vulnerability in InterNetNews.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)

31016: HTTP: Mozilla SOAPParameter Integer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an integer overflow vulnerability in Mozilla.
- Deployment: Not enabled by default in any deployment.
- References:
  - Bugtraq ID: 15495
  - Common Vulnerabilities and Exposures: CVE-2004-0722 CVSS 10.0

31017: HTTP: PHP http_fopen_wrapper Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in PHP.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Bugtraq ID: 103204
  - Common Vulnerabilities and Exposures: CVE-2018-7584

31018: HTTP: Microsoft Internet Explorer and Edge Substring New Out-of-Bounds Read Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Internet Explorer and Edge.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Bugtraq ID: 103309
  - Common Vulnerabilities and Exposures: CVE-2018-0891

31019: RDP: Microsoft Windows CredSSP MITM Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a code execution vulnerability in Microsoft Windows.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Bugtraq ID: 103265
  - Common Vulnerabilities and Exposures: CVE-2018-0886

31022: TNS: Oracle Warehouse Builder WB_OLAP_AW_REMOVE_SOLVE_ID SQL Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle Warehouse Builder.
- Deployment: Not enabled by default in any deployment.
- References:
  - Bugtraq ID: 47431
  - Common Vulnerabilities and Exposures: CVE-2011-0799 CVSS 6.5

31025: HTTP: Microsoft Windows Deskpan.dll Library Loading Privilege Escalation Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to access deskpan.dll over HTTP.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2011-1991 CVSS 9.3
  - Microsoft Security Bulletin: MS11-071

31029: TNS: Oracle Warehouse Builder WB_OLAP_AW_SET_SOLVE_ID SQL Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle Warehouse Builder.
- Deployment: Not enabled by default in any deployment.
- References:
  - Bugtraq ID: 47431
  - Common Vulnerabilities and Exposures: CVE-2011-0799 CVSS 6.5

31030: HTTP: VideoLAN VLC Media Player MKV Demuxer Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in VideoLAN VLC Media Player.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Bugtraq ID: 46060
  - Common Vulnerabilities and Exposures: CVE-2011-0531 CVSS 9.3

31032: HTTP: Cisco AnyConnect VPN Client ActiveX Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Cisco AnyConnect VPN Client.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2011-2039 CVSS 7.6

31033: SMB: IEShims DLL Sideloading Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a DLL sideloading vulnerability in Microsoft Internet Explorer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2011-0038 CVSS 9.3
  - Microsoft Security Bulletin: MS11-003

31034: HTTP: Microsoft Internet Explorer Invalid Pointer Remote memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
- Deployment: Not enabled by default in any deployment.
- References:
  - Bugtraq ID: 38615
  - Common Vulnerabilities and Exposures: CVE-2010-0806 CVSS 9.3
  - Microsoft Security Bulletin: MS10-018

31035: HTTP: IEShims DLL Sideloading Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a DLL sideloading vulnerability in Microsoft Internet Explorer.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2011-0038 CVSS 9.3
  - Microsoft Security Bulletin: MS11-003

31036: HTTPS: HP iNode Management Center iNodeMngChecker.exe Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in HP iNode Management Center.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Bugtraq ID: 48527
  - Common Vulnerabilities and Exposures: CVE-2011-1867 CVSS 10.0
  - Zero Day Initiative: ZDI-11-232

31037: HTTP: Microsoft Internet Explorer Yahoo Toolbar Policy Bypass Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a policy bypass vulnerability in Internet Explorer Yahoo Toolbar.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)

31038: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-0870

31039: HTTP: Microsoft Excel Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Excel.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-0920

31040: HTTP: Microsoft Chakra Scripting Engine TypedArray Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-0980

31041: HTTP: Microsoft Internet Explorer InStr Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-0988

31043: HTTP: Microsoft Chakra Scripting Engine WeakMap Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-0993

31044: HTTP: Microsoft Chakra Scripting Engine CollectGarbage Use-After-free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-0994

31046: HTTP: HP Intelligent Management Center Database Credentials Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in HP Intelligent Management Center Database.
- Deployment: Not enabled by default in any deployment.

31047: HTTP: SAP GUI SAPBExCommonResources ActiveX Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in SAP GUI.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)

31048: HTTP: Microsoft Office Excel XLSX File Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Office Excel.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2010-0263 CVSS 9.3
  - Zero Day Initiative: ZDI-10-025

31049: HTTP: Mozilla Firefox Plugin Access Control Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Mozilla Firefox Plugin.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2005-0527 CVSS 5.1

31056: HTTP: RealNetworks RealGames StubbyUtil.ProcessMgr ActiveX Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in RealNetworks RealGames.
- Deployment: Not enabled by default in any deployment.

31058: HTTP: Microsoft Office Excel DbOrParamQry Record Parsing Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Excel.
- Deployment: Not enabled by default in any deployment.
- References:
  - Bugtraq ID: 38555
  - Common Vulnerabilities and Exposures: CVE-2010-0264 CVSS 9.3
  - Microsoft Security Bulletin: MS10-017

31059: TNS: Oracle Database Server DBMS_CDC_PUBLISH Multiple Procedure SQL Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle Database Server.
- Deployment: Not enabled by default in any deployment.
- References:
  - Bugtraq ID: 39438
  - Common Vulnerabilities and Exposures: CVE-2010-0870 CVSS 3.6

31060: HTTP: Microsoft Edge and Internet Explorer Array Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge and Microsoft Internet Explorer.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-0995, CVE-2018-1018

31061: HTTP: Microsoft Edge and Internet Explorer Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a Use-after-Free vulnerability in Microsoft Edge.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-0990, CVE-2018-0991

31062: HTTP: Microsoft Internet Explorer ReDim Use-after-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-1023

31063: HTTP: Microsoft Excel Use-after-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Excel.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-1026

31064: HTTP: Microsoft Windows TrueType Font Integer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-1016

31066: HTTP: Microsoft Excel Use-after-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Excel.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-1027

31067: HTTP: Microsoft Windows TrueType Font Integer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-1015

31068: HTTP: Microsoft Excel Use-after-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Excel.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-1029

31069: HTTP: Internet Explorer Scripting Engine link Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-0996

31070: HTTP: Microsoft Windows TrueType Font Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-1013

31071: HTTP: Microsoft Excel Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Excel.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-1030

31072: HTTP: Microsoft Windows TrueType Font Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-1012

31073: HTTP: Microsoft Office Excel Graphics User-after-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Office Excel Graphics.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-1028

31074: HTTP: Microsoft Excel Binary Workbook Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Excel.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-1011

31075: HTTP: Microsoft Internet Explorer iframe Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-1001

31076: HTTP: Microsoft Internet Explorer CollectGarbage Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-0997

31077: HTTP: Microsoft Edge Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Edge.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-0998

31079: HTTP: Microsoft JET Database Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft JET.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-1003

31080: HTTP: Microsoft Windows VBScript Engine ReDim Use-after-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows VBScript Engine.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-1004
31081: HTTP: Microsoft Windows EOT Font Engine Buffer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Windows EOT Font Engine.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-1010
31136: HTTP: Microsoft Malware Protection Engine Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Malware Protection Engine.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-0986
31139: ZDI-CAN-5525: Zero Day Initiative Vulnerability (Apple Safari)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apple Safari.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
31141: ZDI-CAN-5526: Zero Day Initiative Vulnerability (Apple Safari)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apple Safari.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
31143: ZDI-CAN-5527: Zero Day Initiative Vulnerability (Foxit Reader)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
31145: ZDI-CAN-5528,5331: Zero Day Initiative Vulnerability (Foxit Reader)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)
31146: ZDI-CAN-5529: Zero Day Initiative Vulnerability (Foxit Reader)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)
31147: ZDI-CAN-5533,5534: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Encryption for Email Gateway.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)
31162: TCP: Cisco Smart Install Buffer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Cisco Smart Install Devices.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-0171

Modified Filters (logic changes):
* = Enabled in Default deployments

* 0317: Nmap scanner: NULL OS Fingerprinting Probe
  - IPS Version: 1.0.0 and after.
  - NGFW Version: Not available.
  - TPS Version: 4.0.0 and after in IPS Persona mode.
  - vTPS Version: 4.0.1 and after in IPS Persona mode.
  - Requires: Only IPS models or TPS in IPS Persona
  - Detection logic updated.
4960: SMTP: Microsoft Outlook iCal Meeting Request VEVENT Record Memory Corruption Vulnerability
  - IPS Version: 1.4.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
* 8071: TIVOLI: IBM Tivoli Storage Manager Express Backup Server Heap Corruption Vulnerability
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "8071: TIVOLI: IBM Tivoli Storage Manager Express Backup Server Heap Corruption".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
9667: DNS: Windows SMTP Service Denial of Service via Crafted DNS MX Records
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Vulnerability references updated.
10148: HTTP: Apple WebKit Button First Letter Style Memory Corruption Vulnerability (ZDI-10-154)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10148: HTTP: Apple WebKit Button First Letter Style Memory Corruption (ZDI-10-154)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
10594: HTTP: Oracle Java Unsigned Applet Remote Code Execution Vulnerability (ZDI-11-084)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
* 10634: HTTP: Microsoft Office Memory Corruption Vulnerability (ZDI-10-246)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
* 11369: HTTP: Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability (ZDI-11-207)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
11664: SMTP: Exim Overlong Message Logging Buffer Overflow Vulnerability
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
13678: HTTP: Hewlett-Packard Universal CMDB Default Credentials Usage (ZDI-14-230)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
16301: HTTP: Sophos Web Appliance change_password Privilege Escalation Vulnerability (ZDI-14-069)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
* 16305: HTTPS: Sophos Web Appliance change_password Privilege Escalation Vulnerability (ZDI-14-069)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "16305: HTTP: Sophos Web Appliance change_password Privilege Escalation Vulnerability (ZDI-14-069)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
16558: UDP: Skype Login Attempt (Non-Proxied)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
28894: HTTP: Quest NetVault Backup NVBUBackup Methods SQL Injection Vulnerability (ZDI-17-988,990-993)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
* 30242: HTTP: Microsoft Windows EOT Font Embedding Information Disclosure Vulnerability (ZDI-18-240)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "30242: HTTP: Microsoft Windows Font Embedding Information Disclosure Vulnerability".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
30440: HTTP: Adobe Acrobat Pro DC ImageConversion XPS TIFF Buffer Overflow Vulnerability (ZDI-18-170)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Vulnerability references updated.

Modified Filters (metadata changes only):
* = Enabled in Default deployments

* 3133: HTTP: Web Browser Heap Buffer Overflow Vulnerability(General)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "3133: HTTP: Web Browser Heap Buffer Overflow (General)".
  - Vulnerability references updated.
6375: HTTP: Microsoft Word Malformed Bitmap File Download (ZDI-08-055)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
* 9579: HTTP: Internet Explorer Memory Corruption Vulnerability
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
10610: TCP: Zend Server Java Bridge Communication Design Flaw (ZDI-11-113)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Vulnerability references updated.
10629: HTTP: Microsoft PowerPoint file containing RulerEntityOld atom download
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
10739: HTTP: Internet Explorer CSS Import Remote Code Execution
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
* 10744: HTTP: Internet Explorer CSS Import Remote Code Execution (ZDI-14-217)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Vulnerability references updated.
* 10783: TCP: Novell File Reporter Agent XML Parsing Buffer Overflow Vulnerability (ZDI-11-116)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "10783: Novell: Novell File Reporter Agent XML Parsing Buffer Overflow Vulnerability (ZDI-11-116)".
  - Vulnerability references updated.
10824: SMTP: Exim Overlong Message Logging Buffer Overflow Vulnerability
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Vulnerability references updated.
10877: SMB: Microsoft Office Groove File Access via SMB
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
10878: HTTP: Microsoft Office Groove File Access from WebDAV (MS11-016)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
11058: HTTP: IBM Rational Quality Manager and Test Lab Manager Default Admin Credentials
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
11235: SMB: IEShims.dll File Access via SMB
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
11236: HTTP: IEShims.dll File Access from WebDAV (MS11-003)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
11244: HTTP: Oracle Document Capture Information Disclosure
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
11248: SMB: Dwmapi.dll File Access via SMB
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
11249: HTTP: Dwmapi.dll File Access from WebDAV
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
11279: HTTP: Novell File Reporter Engine RECORD Tag Buffer Overflow (ZDI-11-227)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
11301: HTTP: Malicious Google Chrome Extension
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
11436: SMB: MFC71 dll File Access via SMB
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
11437: HTTP: MFC71 dll File Access from WebDAV (MS11-055)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
11442: HTTP: Cisco Network Registrar Default Credential Use
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
11590: ARCSERVE: Computer Associates CA ARCserve D2D Default Username and Password
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "11590: ARCSERVE: Computer Associates CA ARCserve D2D Default Username and Password".
  - Vulnerability references updated.
11626: HTTP: GE Proficy Historian KeyHelp ActiveX HTML Help Code Execution Vulnerability (ZDI-12-169)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "11626: HTTP: GE Proficy Historian KeyHelp ActiveX HTML Help Executable (ZDI-12-169)".
  - Category changed from "Security Policy" to "Vulnerabilities".
  - Description updated.
  - Vulnerability references updated.
11632: Oracle: Oracle SQL Injection Near Vulnerable Package
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Vulnerability references updated.
11634: Oracle: Oracle SQL Injection Near Vulnerable Package
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Vulnerability references updated.
11681: SMB: Deskpan.dll File Access via SMB
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
12139: HTTP: Apache HTTPD Cookie Handling Information Disclosure
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
12222: HTTP: Apple Safari Webkit libxslt Arbitrary File Creation
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
* 13286: HTTP: Microsoft Windows Theme File Remote Code Execution Vulnerability
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
16800: TCP: Non-Standard Function Declaration
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.

Removed Filters:

11714: HTTP: Apache Axis2 Default Administrator Account Access
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after