Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9086

    • Updated:
    • 11 Apr 2018
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9086      April 10, 2018
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before April 10, 2018.
The following table maps TippingPoint filters to the Microsoft CVEs.
CVE #TippingPoint Filter #Status
CVE-2018-0870  31038 
CVE-2018-0871 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0887 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0890 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0892 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0920  31039 
CVE-2018-0950 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0956 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0957 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0960 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0963 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0964 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0966 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0967 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0968 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0969 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0970 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0971 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0972 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0973 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0974 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0975 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0976 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0979 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0980  31040 
CVE-2018-0981 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0986  31136 
CVE-2018-0987 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0988  31041 
CVE-2018-0989 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0990  31061 
CVE-2018-0991  31061 
CVE-2018-0993  31043 
CVE-2018-0994  31044 
CVE-2018-0995  31060 
CVE-2018-0996  31069 
CVE-2018-0997  31076 
CVE-2018-0998  31077 
CVE-2018-1000 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-1001  31075 
CVE-2018-1002 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-1003  31079 
CVE-2018-1004  31080 
CVE-2018-1005 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-1007 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-1008 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-1009 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-1010  31081 
CVE-2018-1011  31074 
CVE-2018-1012  31072 
CVE-2018-1013  31070 
CVE-2018-1014 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-1015  31067 
CVE-2018-1016  31064 
CVE-2018-1018  31060 
CVE-2018-1019 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-1020 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-1022 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-1023  31062 
CVE-2018-1026  31063 
CVE-2018-1027  31066 
CVE-2018-1028  31073 
CVE-2018-1029  31068 
CVE-2018-1030  31071 
CVE-2018-1032 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-1034 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-1037 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8116 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8117 Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9086.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9086.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
 New Filters:
    30730: UDP: Heimdal KDC ASN1 DER Length Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Heimdal, a Kerberos implementation.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-17439 CVSS 5.0

    30919: HTTP: HP Application Lifecycle Management ActiveX Insecure Method Exposure Vulnerability(ZDI-12-170)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an insecure method exposure vulnerability in HP Application Lifecycle Management.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-12-170

    30944: TNS: Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle Warehouse Builder.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 47431
        - Common Vulnerabilities and Exposures: CVE-2011-0799 CVSS 6.5

    30952: Gopher: Squid Proxy Gopher Response Processing Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Squid Proxy.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 49356
        - Common Vulnerabilities and Exposures: CVE-2011-3205 CVSS 6.8

    30954: HTTP: Microsoft Windows Shell Zip File Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a code execution vulnerability in the Microsoft Windows Shell component.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 103259
        - Common Vulnerabilities and Exposures: CVE-2018-0883

    31015: NNTP: InterNetNews NULL Path Denial-of-Service Vulnerabilities
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: The filter detects an attempt to exploit denial-of-service vulnerability in InterNetNews.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    31016: HTTP: Mozilla SOAPParameter Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Mozilla.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 15495
        - Common Vulnerabilities and Exposures: CVE-2004-0722 CVSS 10.0

    31017: HTTP: PHP http_fopen_wrapper Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in PHP.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 103204
        - Common Vulnerabilities and Exposures: CVE-2018-7584

    31018: HTTP: Microsoft Internet Explorer and Edge Substring New Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Internet Explorer and Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 103309
        - Common Vulnerabilities and Exposures: CVE-2018-0891

    31019: RDP: Microsoft Windows CredSSP MITM Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 103265
        - Common Vulnerabilities and Exposures: CVE-2018-0886

    31022: TNS: Oracle Warehouse Builder WB_OLAP_AW_REMOVE_SOLVE_ID SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle Warehouse Builder.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 47431
        - Common Vulnerabilities and Exposures: CVE-2011-0799 CVSS 6.5

    31025: HTTP: Microsoft Windows Deskpan.dll Library Loading Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to access deskpan.dll over HTTP.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-1991 CVSS 9.3
        - Microsoft Security Bulletin: MS11-071

    31029: TNS: Oracle Warehouse Builder WB_OLAP_AW_SET_SOLVE_ID SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle Warehouse Builder.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 47431
        - Common Vulnerabilities and Exposures: CVE-2011-0799 CVSS 6.5

    31030: HTTP: VideoLAN VLC Media Player MKV Demuxer Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in VideoLAN VLC Media Player.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 46060
        - Common Vulnerabilities and Exposures: CVE-2011-0531 CVSS 9.3

    31032: HTTP: Cisco AnyConnect VPN Client ActiveX Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Cisco AnyConnect VPN Client.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-2039 CVSS 7.6

    31033: SMB: IEShims DLL Sideloading Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a DLL sideloading vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-0038 CVSS 9.3
        - Microsoft Security Bulletin: MS11-003

    31034: HTTP:  Microsoft Internet Explorer Invalid Pointer Remote memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 38615
        - Common Vulnerabilities and Exposures: CVE-2010-0806 CVSS 9.3
        - Microsoft Security Bulletin: MS10-018

    31035: HTTP: IEShims DLL Sideloading Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a DLL sideloading vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-0038 CVSS 9.3
        - Microsoft Security Bulletin: MS11-003

    31036: HTTPS: HP iNode Management Center iNodeMngChecker.exe Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in HP iNode Management Center.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 48527
        - Common Vulnerabilities and Exposures: CVE-2011-1867 CVSS 10.0
        - Zero Day Initiative: ZDI-11-232

    31037:  HTTP: Microsoft Internet Explorer Yahoo Toolbar Policy Bypass Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a policy bypass vulnerability in Internet Explorer Yahoo Toolbar.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

    31038: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0870

    31039: HTTP: Microsoft Excel Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0920

    31040: HTTP: Microsoft Chakra Scripting Engine TypedArray Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0980

    31041: HTTP: Microsoft Internet Explorer InStr Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0988

    31043: HTTP: Microsoft Chakra Scripting Engine WeakMap Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0993

    31044: HTTP: Microsoft Chakra Scripting Engine CollectGarbage Use-After-free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0994

    31046: HTTP: HP Intelligent Management Center Database Credentials Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in HP Intelligent Management Center Database.
      - Deployment: Not enabled by default in any deployment.

    31047: HTTP: SAP GUI SAPBExCommonResources ActiveX Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in SAP GUI.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

    31048: HTTP: Microsoft Office Excel XLSX File Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Office Excel.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2010-0263 CVSS 9.3
        - Zero Day Initiative: ZDI-10-025

    31049: HTTP: Mozilla Firefox Plugin Access Control Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Mozilla Firefox Plugin.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2005-0527 CVSS 5.1

    31056: HTTP: RealNetworks RealGames StubbyUtil.ProcessMgr ActiveX Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in RealNetworks RealGames.
      - Deployment: Not enabled by default in any deployment.

    31058: HTTP: Microsoft Office Excel DbOrParamQry Record Parsing Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Excel.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 38555
        - Common Vulnerabilities and Exposures: CVE-2010-0264 CVSS 9.3
        - Microsoft Security Bulletin: MS10-017

    31059: TNS: Oracle Database Server DBMS_CDC_PUBLISH Multiple Procedure SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle Database Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 39438
        - Common Vulnerabilities and Exposures: CVE-2010-0870 CVSS 3.6

    31060: HTTP: Microsoft Edge and Internet Explorer Array Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge and Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0995, CVE-2018-1018

    31061: HTTP: Microsoft Edge and Internet Explorer Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a Use-after-Free vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0990, CVE-2018-0991

    31062: HTTP: Microsoft Internet Explorer ReDim Use-after-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1023

    31063: HTTP: Microsoft Excel Use-after-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1026

    31064: HTTP: Microsoft Windows TrueType Font Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1016

    31066: HTTP: Microsoft Excel Use-after-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1027

    31067: HTTP: Microsoft Windows TrueType Font Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1015

    31068: HTTP: Microsoft Excel Use-after-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1029

    31069: HTTP: Internet Explorer Scripting Engine link Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0996

    31070: HTTP: Microsoft Windows TrueType Font Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1013

    31071: HTTP: Microsoft Excel Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1030

    31072: HTTP: Microsoft Windows TrueType Font Memory Corruption Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1012

    31073: HTTP: Microsoft Office Excel Graphics User-after-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Office Excel Graphics.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1028

    31074: HTTP: Microsoft Excel Binary Workbook Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1011

    31075: HTTP: Microsoft Internet Explorer iframe Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1001

    31076: HTTP: Microsoft Internet Explorer CollectGarbage Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0997

    31077: HTTP: Microsoft Edge Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0998

    31079: HTTP: Microsoft JET Database Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft JET.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1003

    31080: HTTP: Microsoft Windows VBScript Engine ReDim Use-after-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows VBScript Engine.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1004

    31081: HTTP: Microsoft Windows EOT Font Engine Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Windows EOT Font Engine.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1010

    31136: HTTP: Microsoft Malware Protection Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Malware Protection Engine.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0986

    31139: ZDI-CAN-5525: Zero Day Initiative Vulnerability (Apple Safari)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apple Safari.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    31141: ZDI-CAN-5526: Zero Day Initiative Vulnerability (Apple Safari)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apple Safari.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    31143: ZDI-CAN-5527: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    31145: ZDI-CAN-5528,5331: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    31146: ZDI-CAN-5529: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    31147: ZDI-CAN-5533,5534: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Encryption for Email Gateway.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    31162: TCP: Cisco Smart Install Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Cisco Smart Install Devices.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0171

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 0317: Nmap scanner: NULL OS Fingerprinting Probe
      - IPS Version: 1.0.0 and after.
      - NGFW Version: Not available.
      - TPS Version: 4.0.0 and after in IPS Persona mode.
      - vTPS Version: 4.0.1 and after in IPS Persona mode.
      - Requires: Only IPS models or TPS in IPS Persona
      - Detection logic updated.

    4960: SMTP: Microsoft Outlook iCal Meeting Request VEVENT Record Memory Corruption Vulnerability
      - IPS Version: 1.4.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 8071: TIVOLI: IBM Tivoli Storage Manager Express Backup Server Heap Corruption Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "8071: TIVOLI: IBM Tivoli Storage Manager Express Backup Server Heap Corruption".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    9667: DNS: Windows SMTP Service Denial of Service via Crafted DNS MX Records
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    10148: HTTP: Apple WebKit Button First Letter Style Memory Corruption Vulnerability (ZDI-10-154)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "10148: HTTP: Apple WebKit Button First Letter Style Memory Corruption (ZDI-10-154)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    10594: HTTP: Oracle Java Unsigned Applet Remote Code Execution Vulnerability (ZDI-11-084)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 10634: HTTP: Microsoft Office Memory Corruption Vulnerability (ZDI-10-246)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 11369: HTTP: Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability (ZDI-11-207)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    11664: SMTP: Exim Overlong Message Logging Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    13678: HTTP: Hewlett-Packard Universal CMDB Default Credentials Usage (ZDI-14-230)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    16301: HTTP: Sophos Web Appliance change_password Privilege Escalation Vulnerability (ZDI-14-069)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 16305: HTTPS: Sophos Web Appliance change_password Privilege Escalation Vulnerability (ZDI-14-069)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "16305: HTTP: Sophos Web Appliance change_password Privilege Escalation Vulnerability (ZDI-14-069)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    16558: UDP: Skype Login Attempt (Non-Proxied)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    28894: HTTP: Quest NetVault Backup NVBUBackup Methods SQL Injection Vulnerability (ZDI-17-988,990-993)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 30242: HTTP: Microsoft Windows EOT Font Embedding Information Disclosure Vulnerability (ZDI-18-240)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30242: HTTP: Microsoft Windows Font Embedding Information Disclosure Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    30440: HTTP: Adobe Acrobat Pro DC ImageConversion XPS TIFF Buffer Overflow Vulnerability (ZDI-18-170)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 3133: HTTP: Web Browser Heap Buffer Overflow Vulnerability(General)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3133: HTTP: Web Browser Heap Buffer Overflow (General)".
      - Vulnerability references updated.

    6375: HTTP: Microsoft Word Malformed Bitmap File Download (ZDI-08-055)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    * 9579: HTTP: Internet Explorer Memory Corruption Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    10610: TCP: Zend Server Java Bridge Communication Design Flaw (ZDI-11-113)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    10629: HTTP: Microsoft PowerPoint file containing RulerEntityOld atom download
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    10739: HTTP: Internet Explorer CSS Import Remote Code Execution
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    * 10744: HTTP: Internet Explorer CSS Import Remote Code Execution (ZDI-14-217)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    * 10783: TCP: Novell File Reporter Agent XML Parsing Buffer Overflow Vulnerability (ZDI-11-116)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "10783: Novell: Novell File Reporter Agent XML Parsing Buffer Overflow Vulnerability (ZDI-11-116)".
      - Vulnerability references updated.

    10824: SMTP: Exim Overlong Message Logging Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    10877: SMB: Microsoft Office Groove File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    10878: HTTP: Microsoft Office Groove File Access from WebDAV (MS11-016)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11058: HTTP: IBM Rational Quality Manager and Test Lab Manager Default Admin Credentials
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11235: SMB: IEShims.dll File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11236: HTTP: IEShims.dll File Access from WebDAV (MS11-003)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11244: HTTP: Oracle Document Capture Information Disclosure 
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11248: SMB: Dwmapi.dll File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11249: HTTP: Dwmapi.dll File Access from WebDAV
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11279: HTTP: Novell File Reporter Engine RECORD Tag Buffer Overflow (ZDI-11-227)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11301: HTTP:  Malicious Google Chrome Extension
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11436: SMB: MFC71 dll File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11437: HTTP: MFC71 dll File Access from WebDAV (MS11-055)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11442: HTTP: Cisco Network Registrar Default Credential Use
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11590: ARCSERVE: Computer Associates CA ARCserve D2D Default Username and Password
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "11590: ARCSERVE:  Computer Associates CA ARCserve D2D Default Username and Password".
      - Vulnerability references updated.

    11626: HTTP: GE Proficy Historian KeyHelp ActiveX HTML Help Code Execution Vulnerability (ZDI-12-169)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "11626: HTTP: GE Proficy Historian KeyHelp ActiveX HTML Help Executable (ZDI-12-169)".
      - Category changed from "Security Policy" to "Vulnerabilities".
      - Description updated.
      - Vulnerability references updated.

    11632: Oracle: Oracle SQL Injection Near Vulnerable Package
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    11634: Oracle: Oracle SQL Injection Near Vulnerable Package
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    11681: SMB: Deskpan.dll File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    12139: HTTP: Apache HTTPD Cookie Handling Information Disclosure
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    12222: HTTP: Apple Safari Webkit libxslt Arbitrary File Creation
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    * 13286: HTTP: Microsoft Windows Theme File Remote Code Execution Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    16800: TCP: Non-Standard Function Declaration
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

  Removed Filters:

    11714: HTTP: Apache Axis2 Default Administrator Account Access
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after

Top of the Page
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000104608
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.