Digital Vaccine #9088

    • Updated: 18 Apr 2018
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9088      April 17, 2018
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Adobe Security Bulletins
This DV includes coverage for the Adobe vulnerabilities released on or before April 10, 2018.
The following table maps TippingPoint filters to the Adobe CVEs.
Bulletin #    CVE #            TippingPoint Filter #
APSB18-08     CVE-2018-4932    31154
APSB18-08     CVE-2018-4933    31156
APSB18-08     CVE-2018-4934    31186
APSB18-08     CVE-2018-4935    31190
APSB18-08     CVE-2018-4936    31201
APSB18-08     CVE-2018-4937    31202
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9088.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9088.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
 New Filters:
    31051: SSL: Apache mod_ssl ssl_util_uuencode_binary Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Apache.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 10355
        - Common Vulnerabilities and Exposures: CVE-2004-0488 CVSS 7.5

    31052: HTTPS: IBM Tivoli Provisioning Manager for OS Deployment HTTP Server Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in IBM Tivoli Provisioning Manager.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 27387
        - Common Vulnerabilities and Exposures: CVE-2008-0401 CVSS 10.0

    31053: HTTP: McAfee Multiple Products LHA Type-2 File Handling Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in McAfee Multiple Products.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 10243, 12832
        - Common Vulnerabilities and Exposures: CVE-2005-0644 CVSS 7.5

    31082: HTTP: Mozilla Products IDN Spoofing Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an IDN Spoofing vulnerability in Mozilla products.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 12461
        - Common Vulnerabilities and Exposures: CVE-2005-0233 CVSS 7.5

    31133: HTTP: SAP GUI EAI WebViewer3D ActiveX Stack Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in SAP GUI EAI WebViewer3D ActiveX Control.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 34310
        - Common Vulnerabilities and Exposures: CVE-2007-4475 CVSS 9.3

    31135: POP: Eudora URL Handling Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Eudora E-mail client.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 4343
        - Common Vulnerabilities and Exposures: CVE-2002-1770 CVSS 5.0

    31137: MySQL: Sun MySQL Database Server PROCEDURE ANALYSE Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Sun MySQL Database Server.
      - Deployment: Not enabled by default in any deployment.

    31138: HTTPS: Oracle Secure Backup exec_qr Command Injection Vulnerability (ZDI-09-003)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Oracle Secure Backup.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 33177
        - Common Vulnerabilities and Exposures: CVE-2008-5448 CVSS 10.0
        - Zero Day Initiative: ZDI-09-003

    31140: UDP: IntelliCom NetBiter Config Utility Hostname Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in IntelliCom NetBiter.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 37325
        - Common Vulnerabilities and Exposures: CVE-2009-4462 CVSS 10.0

    31142: HTTP: Microsoft IIS Multiple Extensions Security Bypass Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a policy bypass vulnerability in Microsoft IIS.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 37460
        - Common Vulnerabilities and Exposures: CVE-2009-4444 CVSS 6.0

    31148: UDP: MIT Kerberos KDC Cross Realm Referral Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in the MIT Kerberos KDC.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 37486
        - Common Vulnerabilities and Exposures: CVE-2009-3295 CVSS 5.0

    31149: TCP: IBM DB2 Database Server SQL REPEAT Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in IBM DB2 Database Server.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

    31150: HTTP: Microsoft Office Excel SxView Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Office Excel.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2009-3128 CVSS 9.3

    31151: HTTPS: Active Directory Federation Services Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Active Directory Federation Services (ADFS).
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 37214
        - Common Vulnerabilities and Exposures: CVE-2009-2509 CVSS 9.0
        - Microsoft Security Bulletin: MS09-070

    31152: TLS: OpenSSL TLS DTLS Heartbeat Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in OpenSSL.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 66690
        - Common Vulnerabilities and Exposures: CVE-2014-0160 CVSS 5.0

    31153: DHCPv6: ISC DHCP dhclient pretty_print_option Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in ISC DHCP dhclient.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 103187
        - Common Vulnerabilities and Exposures: CVE-2018-5732

    31154: HTTP: Adobe Flash RSL Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash Player.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-4932

    31156: HTTP: Adobe Flash ATF Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Flash.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-4933

    31157: HTTP: Google Chrome Multiple File Type Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a security bypass vulnerability in Google Chrome.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 36947
        - Common Vulnerabilities and Exposures: CVE-2009-3934 CVSS 4.3

    31159: TCP: HP OpenView Network Node Manager Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in the HP OpenView Network Node Manager.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 37046
        - Common Vulnerabilities and Exposures: CVE-2009-3840 CVSS 5.0

    31161: ZDI-CAN-5538: Zero Day Initiative Vulnerability (GE MDS PulseNET)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting GE MDS PulseNET.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    31163: ZDI-CAN-5539: Zero Day Initiative Vulnerability (GE MDS PulseNET)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting GE MDS PulseNET.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    31164: ZDI-CAN-5540: Zero Day Initiative Vulnerability (GE MDS PulseNET)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting GE MDS PulseNET.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    31165: ZDI-CAN-5541: Zero Day Initiative Vulnerability (GE MDS PulseNET)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting GE MDS PulseNET.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    31166: TCP: Sun MySQL Database SELECT Subquery Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Sun MySQL Database.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

    31167: ZDI-CAN-5544: Zero Day Initiative Vulnerability (Apple Safari)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apple Safari.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    31168: HTTP: Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in the Symantec products.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 37092
        - Common Vulnerabilities and Exposures: CVE-2009-3033 CVSS 9.3

    31169: HTTP: VideoLAN VLC Media Player SMB Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in VideoLAN VLC Media Player.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

    31170: HTTP: Novell eDirectory dhost HTTPSTK Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Novell eDirectory.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 37042
        - Common Vulnerabilities and Exposures: CVE-2009-4654 CVSS 9.0

    31171: HTTPS: Novell eDirectory dhost HTTPSTK Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Novell eDirectory.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 37042
        - Common Vulnerabilities and Exposures: CVE-2009-4654 CVSS 9.0

    31172: HTTP: Oracle Document Capture EasyMail SMTP AddAttachment Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Oracle Document Capture.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 36440
        - Common Vulnerabilities and Exposures: CVE-2009-4663 CVSS 9.3

    31173: HTTP: Novell eDirectory dhost Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Novell eDirectory.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 36815

    31174: HTTPS: Novell eDirectory dhost Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Novell eDirectory.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 36815

    31176: HTTP: Oracle Java JRE Pack200 Decompression Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Oracle Java JRE.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 34240
        - Common Vulnerabilities and Exposures: CVE-2009-1095 CVSS 10.0

    31177: HTTP: Oracle Java Runtime Environment Type1 Font Parsing Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Oracle Java Runtime Environment (JRE).
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 34240
        - Common Vulnerabilities and Exposures: CVE-2009-1099 CVSS 7.5

    31178: LDAP: Samba LDAP AD DC Password Change
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to modify a password over LDAP on Samba.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 103382
        - Common Vulnerabilities and Exposures: CVE-2018-1057

    31179: HTTP: Adobe Acrobat Plugin Object Reloading Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Acrobat and Adobe Acrobat Reader plugins.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 36638, 36668
        - Common Vulnerabilities and Exposures: CVE-2009-2983 CVSS 9.3

    31180: HTTP: Microsoft ASP.NET Error Handling Denial-Of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Microsoft ASP.NET.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 35985
        - Common Vulnerabilities and Exposures: CVE-2009-1536 CVSS 2.6
        - Microsoft Security Bulletin: MS09-036

    31181: LDAPS: Samba LDAP AD DC Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Samba.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 103382
        - Common Vulnerabilities and Exposures: CVE-2018-1057

    31182: HTTP: Rhino Software Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Rhino Software Serv-U Web Client.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 36895
        - Common Vulnerabilities and Exposures: CVE-2009-4873 CVSS 10.0

    31183: HTTP: Mozilla Firefox Browser Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Mozilla Firefox.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 36843
        - Common Vulnerabilities and Exposures: CVE-2009-3382 CVSS 10.0

    31185: HTTP: Mozilla Firefox Floating Point Number Conversion Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Mozilla Firefox.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 36851
        - Common Vulnerabilities and Exposures: CVE-2009-1563

    31186: HTTP: Adobe Flash Player Malformed PNG Information Disclosure Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Adobe Flash Player.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-4934

    31190: HTTP: Adobe Flash Player MovieClip Memory Corruption Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Flash Player.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-4935

    31191: HTTP: Adobe Acrobat Reader U3D CLODMeshDeclaration Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Acrobat Reader.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 36638
        - Common Vulnerabilities and Exposures: CVE-2009-2994 CVSS 9.3

    31192: NFSDv4: Linux Kernel CAP_MKNOD Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a security bypass vulnerability in the Linux Kernel NFSD module.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    31193: TCP: Oracle Database Server LT.ROLLBACKWORKSPACE SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle Database Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 34461
        - Common Vulnerabilities and Exposures: CVE-2009-0978 CVSS 5.5

    31194: HTTP: Nullsoft Winamp MAKI Script Processing Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Nullsoft Winamp.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 34009

    31195: LDAP: Samba LDAP AD DC Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Samba.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 103382
        - Common Vulnerabilities and Exposures: CVE-2018-1057

    31196: RPC: Sun Solaris sadmind RPC Request Integer Overflow Vulnerability (UDP)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Sun Solaris.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 35083
        - Common Vulnerabilities and Exposures: CVE-2008-3870 CVSS 10.0

    31201: HTTP: Adobe Flash DefineSound Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Flash.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-4936

    31202: HTTP: Adobe Flash BlurFilter Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Flash.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-4937

    31204: TCP: VMware Authorization Service User Credential Parsing Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in VMware Authorization Service.
      - Deployment: Not enabled by default in any deployment.

    31205: HTTP: Brotli Compression Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the usage of Brotli compression in a TCP stream.
      - Deployments:
        - Deployment: Performance-Optimized (Block / Notify)

    31206: HTTP: Microsoft XML Core Services parseError DOM Object Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft XML Core Services.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 32155
        - Common Vulnerabilities and Exposures: CVE-2008-4029 CVSS 4.3
        - Microsoft Security Bulletin: MS08-069

    31207: SMB: Microsoft Windows WRITE_ANDX SMB Processing Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in the Windows SMB protocol implementation.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 31179
        - Common Vulnerabilities and Exposures: CVE-2008-4114 CVSS 7.1
        - Microsoft Security Bulletin: MS09-001

    31208: HTTP: Microsoft XML Core Services MSXML Header Request Information Disclosure Information Disclosure
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft XML Core Services.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 32204
        - Common Vulnerabilities and Exposures: CVE-2008-4033 CVSS 4.3
        - Microsoft Security Bulletin: MS08-069

    31266: NetBIOS: MikroTik RouterOS NetBIOS Session Request Message Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in MikroTik RouterOS.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 103427
        - Common Vulnerabilities and Exposures: CVE-2018-7445

    31267: HTTP: BitDefender Antivirus PDF Processing Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in BitDefender Antivirus.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 32396
        - Common Vulnerabilities and Exposures: CVE-2008-5409 CVSS 9.3

    31268: SMTP: Microsoft Malware Protection Engine Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Microsoft Malware Protection Engine.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 29060
        - Common Vulnerabilities and Exposures: CVE-2008-1437 CVSS 5.0
        - Microsoft Security Bulletin: MS08-029

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 8211: HTTP: Microsoft Excel QSIR Record Memory Corruption Vulnerability (ZDI-09-040)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "8211: HTTP: Excel File Format Anomaly (ZDI-09-040)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    8260: HTTP: Office Viewer OCX ActiveX Multiple Vulnerable Controls
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    8314: HTTP: HP Power Manager Web Server Buffer Overflow Vulnerability (ZDI-09-081, ZDI-10-292)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "8314: HTTP: HP Power Manager Web Server Buffer Overflow Vulnerability (ZDI-09-081)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    8333: HTTP: HP OpenView NNM webappmon.exe Buffer Overflow Vulnerability (TPTI-09-10)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    8396: HTTP: HP OpenView NNM ovwebsnmpsrv.exe Buffer Overflow Vulnerability (TPTI-09-14)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    8642: HTTP: Microsoft ASF File Format Anomaly
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    8663: HTTP: Microsoft Office Art Property Table Memory Corruption Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "8663: HTTP: Malicious Microsoft Office Document".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 8701: HTTP: Sun Java Runtime Environment JPEG Parsing Buffer Overflow (ZDI-09-080, ZDI-10-054)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "8701: HTTP: Sun Java Runtime Environment JPEG Parsing Exploit (ZDI-09-080, ZDI-10-054)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 8727: NFSD: LINUX CAP_MKNOD Security Bypass Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    8759: HTTP: WordPad and Office Text Converters Code Execution Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "8759: HTTP: WordPad and Office Text Converters Code Execution".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    8852: HTTP: EMC Captiva PixTools Distributed Imaging ActiveX Control Arbitrary File Upload Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "8852: HTTP: EMC Captiva PixTools Distributed Imaging ActiveX Control File Creation".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    8857: HTTP: FFmpeg OGV File Format Memory Corruption
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    9244: HTTP: Excel File Format Anomaly (ZDI-09-082)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 9314: HTTP: Microsoft Project Malformed Data Record Code Execution
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    9315: HTTP: Microsoft Internet Explorer Remote Code Execution Vulnerability (ZDI-09-087)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    9320: HTTP: Internet Explorer 8 Remote Code Execution Exploit (ZDI-09-086)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 9448: HTTP: Microsoft PowerPoint OEPlaceholderAtom placementId Invalid Array Indexing Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "9448: HTTP: Malicious Microsoft PowerPoint Document".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    9557: HTTP: Microsoft Windows Movie Maker and Producer Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "9557: HTTP: Windows Movie Maker File Format Anomaly".
      - Category changed from "Vulnerabilities" to "Exploits".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    10050: HTTP: Suspicious Microsoft Shell Link Binary File Download
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    11274: HTTP: Oracle VM utl_test_url Command Injection
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    * 29834: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Out-Of-Bounds Read Vulnerability (ZDI-17-941)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 29899: HTTP: Apache httpd mod_auth_digest Memory Access Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    29946: HTTP: Adobe Acrobat Pro DC ImageConversion EMF EMR_STRETCHBLT Parsing Out-Of-Bounds Read(ZDI-18-183)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    29966: HTTP: Adobe Acrobat Pro DC ImageConversion XPS JPEG Parsing Out-Of-Bounds Read (ZDI-18-191)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    * 29971: HTTP: Adobe Acrobat ImageConversion EMF EMR_STRETCHDIBITS cySrc Parsing Buffer Overflow (ZDI-18-177)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29971: ZDI-CAN-5227: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 30343: HTTP: Adobe Flash SWF Primetime Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    * 30509: HTTP: Microsoft Edge BoxStackInstance Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30509: HTTP: Microsoft Edge Type Confusion Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 30521: HTTP: Adobe Acrobat Pro XPS Page Processing Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category changed from "Vulnerabilities" to "Exploits".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    31031: HTTP: Drupal Core Multiple Subsystems Input Validation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    5271: Oracle: Oracle (GRANT DBA) Near Vulnerable Package
      - IPS Version: 1.4.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    6109: HTTP: Malformed Windows Executable Download
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    * 6110: HTTP: Malformed PECompact Executable Download
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    8054: Oracle: Oracle SQL Injection Near Vulnerable Package
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    8352: DHCP: Suspicious DHCP Offer
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    8362: DNS: Suspicious Dynamic Update
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    8673: TCP: TCP Persist Timer
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    8678: XPDF/CUPS: Xpdf Buffer Overflow
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    8679: FIREBIRD: Firebird SQL op_connect_request Denial of Service
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    * 8744: HTTP: Oracle Secure Backup Command Injection Vulnerability (ZDI-09-003)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "8744: HTTP: Oracle Secure Backup Command Injection Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    8820: HTTP: SAP GUI WebViewer3D ActiveX Arbitrary File Read/Write Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    9412: Oracle: Oracle SQL Injection Near Vulnerable Package
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    30230: HTTP: Microsoft Office with Embedded Equation Editor OLE Object Download Attempt
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    * 31036: HTTPS: HP iNode Management Center iNodeMngChecker.exe Buffer Overflow Vulnerability (ZDI-11-232)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31036: HTTPS: HP iNode Management Center iNodeMngChecker.exe Buffer Overflow Vulnerability".
      - Description updated.

    * 31048: HTTP: Microsoft Office Excel XLSX File Memory Corruption Vulnerability (ZDI-10-025)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31048: HTTP: Microsoft Office Excel XLSX File Memory Corruption Vulnerability".
      - Description updated.

  Removed Filters: None
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000104956