Digital Vaccine #9091

    • Updated: 24 Apr 2018
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9091      April 24, 2018
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems.
The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9091.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9091.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
 New Filters:
    31027: HTTP: Microsoft .NET Framework XAML Browser Applications Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in the Microsoft .NET Framework.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2010-3958 CVSS 9.3
        - Microsoft Security Bulletin: MS11-028

    31028: LDAP: Novell eDirectory Unchecked Length Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Novell eDirectory.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

    31050: HTTP: Microsoft Windows WinVerifyTrust PE Validation Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a security bypass vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2012-0151 CVSS 9.3
        - Microsoft Security Bulletin: MS12-024

    31054: HTTP: Microsoft MSWebDVD ActiveX Null Pointer Dereference Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a null pointer dereference vulnerability in Microsoft MSWebDVD.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 10056

    31155: NTP: Network Time Protocol ntpq decodearr Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Network Time Protocol ntpq.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 103351
        - Common Vulnerabilities and Exposures: CVE-2018-7183

    31158: HTTP: Microsoft Office Word File FIB Processing Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Office Word.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 36950
        - Common Vulnerabilities and Exposures: CVE-2009-3135 CVSS 9.3

    31184: HTTP: Sun Java Runtime AWT setDifflCM Stack Buffer Overflow Vulnerability (ZDI-09-078)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Sun Java Runtime.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 36881
        - Common Vulnerabilities and Exposures: CVE-2009-3869 CVSS 9.3
        - Zero Day Initiative: ZDI-09-078

    31199: EMC: EMC RepliStor rep_srv and ctrlservice Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in EMC RepliStor.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 36738
        - Common Vulnerabilities and Exposures: CVE-2009-3744 CVSS 5.0

    31259: IGMPv3: Microsoft Windows Kernel IGMPv3 and MLDv2 Request Processing Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Microsoft Windows Kernel.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 27100
        - Common Vulnerabilities and Exposures: CVE-2007-0069 CVSS 9.3
        - Microsoft Security Bulletin: MS08-001

    31261: SSH: GoodTech SSH Server SFTP Processing Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in GoodTech SSH Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 31879
        - Common Vulnerabilities and Exposures: CVE-2008-4726 CVSS 9.0

    31265: HTTP: Oracle Java JRE Pack200 Decompression Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Oracle Java JRE.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 32608
        - Common Vulnerabilities and Exposures: CVE-2008-5352 CVSS 9.3

    31270: HTTP: Corel PaintShop Pro Insecure Library Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Corel PaintShop.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 62836
        - Common Vulnerabilities and Exposures: CVE-2013-0733 CVSS 9.3

    31272: SMB: Corel PaintShop Pro Insecure Library Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Corel PaintShop.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 62836
        - Common Vulnerabilities and Exposures: CVE-2013-0733 CVSS 9.3

    31274: HTTP: X.Org X Server PCF Font Parser Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in X.Org Foundation's X Windows Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 27336, 27352
        - Common Vulnerabilities and Exposures: CVE-2008-0006 CVSS 7.5

    31275: RTSP: Microsoft Media Player Audio Sampling Rate Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows Media Player 11.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 30550
        - Common Vulnerabilities and Exposures: CVE-2008-2253 CVSS 9.3
        - Microsoft Security Bulletin: MS08-054

    31276: HTTPS: Symantec Backup Exec System Recovery Arbitrary File Upload Vulnerability (ZDI-08-003)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in Veritas Backup Exec System Recovery.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 27487
        - Common Vulnerabilities and Exposures: CVE-2008-0457 CVSS 10.0
        - Zero Day Initiative: ZDI-08-003

    31278: SMTP: Ipswitch IMail SMTP Server Content-Type Header Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Ipswitch IMail Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 25762
        - Common Vulnerabilities and Exposures: CVE-2007-5094 CVSS 7.5

    31280: HTTP: Microsoft Excel Sheet Name Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Excel.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 24691
        - Common Vulnerabilities and Exposures: CVE-2007-3490 CVSS 7.5

    31281: HTTP: Advantech WebAccess Node chkLogin2 user SQL Injection Vulnerability (ZDI-18-143)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Advantech WebAccess Node.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 102781
        - Common Vulnerabilities and Exposures: CVE-2018-5443
        - Zero Day Initiative: ZDI-18-143

    31282: HTTP: Apache Solr Data Import Handler XML XXE Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Apache Solr.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1308

    31283: HTTP: Adobe Multiple Products PDF JavaScript Method Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in multiple Adobe products.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 27641
        - Common Vulnerabilities and Exposures: CVE-2007-5659 CVSS 9.3

    31284: HTTP: Microsoft Visio Packed Object Parsing Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Visio.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 24384
        - Common Vulnerabilities and Exposures: CVE-2007-0936 CVSS 9.3
        - Microsoft Security Bulletin: MS07-030

    31289: HTTP: ClamAV UPX File Handling Heap Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in ClamAV AntiVirus.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 19381
        - Common Vulnerabilities and Exposures: CVE-2006-4018 CVSS 7.5

    31290: SMTP: ClamAV UPX File Handling Heap Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in ClamAV AntiVirus.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 19381
        - Common Vulnerabilities and Exposures: CVE-2006-4018 CVSS 7.5

    31383: TCP: Oracle WebLogic Server ProxyClass Registry And Activator Interfaces Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects attempted usage of the Remote Method Invocation (RMI) of the ProxyClass Registry And Activator interfaces by Oracle WebLogic WLS Core Components.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 103776
        - Common Vulnerabilities and Exposures: CVE-2018-2628

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 2792: HTTP: HP Web Jetadmin Remote Command Injection Vulnerability
      - IPS Version: 1.4.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    4931: BRIGHTSTOR: CA BrightStor ARCserve Backup XDR Parsing Buffer Overflow Vulnerability (ZDI-08-026)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4931: BRIGHTSTOR: CA BrightStor ArcServe Server Buffer Overflow (ZDI-08-026)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 5211: BRIGHTSTOR: CA BrightStor ARCserve Media Server Buffer Overflow (ZDI-07-022)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "5211: BRIGHTSTOR: CA BrightStor ArcServe Media Server Buffer Overflow (ZDI-07-022)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    5722: MS-RPC: CA ARCserv RPC Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "5722: MS-RPC: CA ARCserv RPC Buffer Overflow".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    6051: TCP: HP StorageWorks Storage Mirroring Buffer Overflow Vulnerability (ZDI-08-034)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "6051: TCP: HP StorageWorks Storage Mirroring Stack Overflow Vulnerability (ZDI-08-034)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 6284: HTTP: Microsoft PowerPoint Viewer Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "6284: HTTP: Microsoft Powerpoint File Format Anomaly".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    6375: HTTP: Microsoft Word Malformed Bitmap File Download (ZDI-08-055)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 6768: MS-SQL: Microsoft SQL Server Buffer Overflow
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 6833: HTTP: Adobe Reader and Acrobat util.printf Stack Buffer Overflow Vulnerability (ZDI-08-072)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "6833: HTTP: PDF Containing Malicious util.printf Call".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 8213: MS-RPC: Invalid Enumeration Response
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    8800: SMTP: IBM Lotus Notes Applix Graphics Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "8800: SMTP: IBM Lotus Notes Applix Graphics Buffer Overflow".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    8965: HTTP: Mozilla Multiple Products Memory Corruption Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "8965: HTTP: Mozilla Products Suspicious Overflow Event Handling".
      - Category changed from "Security Policy" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    9002: HTTP: Sun JDK JPEG Image Parsing Buffer Overflow
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    9056: SSH: OpenSSH Denial-of-Service Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "9056: SSH: OpenSSH Denial of Service".
      - Detection logic updated.
      - Vulnerability references updated.

    9436: HTTP: Malicious URI in Web Page (ZDI-10-016)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    * 9630: HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "9630: HTTP: Internet Explorer Memory Corruption Vulnerability".
      - Detection logic updated.
      - Vulnerability references updated.

    9761: HTTP: Opera Content-Length Integer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    9858: HTTP: Webkit Memory Corruption Vulnerability (ZDI-10-093)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    10090: HTTP: Internet Explorer Memory Corruption Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    10149: HTTP: OpenSSL OriginatorInfo Download
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    10459: HTTP: IIS FastCGI Request Header Buffer Overflow 
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    10564: HTTP: Internet Explorer Cross-Domain Information Disclosure Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    10636: HTTP: Mozilla Firefox document.write Handling Buffer Overflow Vulnerability 
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    10685: HTTP: Microsoft Internet Explorer Time Memory Corruption Vulnerability (ZDI-10-289)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 12817: HTTP: Apple Safari WebKit Button Memory Corruption
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 16880: UDP: MIT Kerberos KDC Ticket Validation Double Free Vulnerability 
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    26893: SMB: Microsoft Windows mrxsmb20.dll Denial-of-Service Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 29810: HTTP: NetGain Systems Enterprise Manager ip Directory Traversal Vulnerability (ZDI-17-963)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    30540: UDP: Memcached Protocol Command Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    * 30549: ZDI-CAN-5499: Zero Day Initiative Vulnerability (Microsoft Chakra)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Detection logic updated.

    * 30552: HTTP: Microsoft Internet Explorer jscript.dll Array Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30552: HTTP: Microsoft Internet Explorer CollectGarbage Memory Corruption Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    31031: HTTP: Drupal Core Multiple Subsystems Input Validation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    3549: Telnet: Windows Client Information Disclosure
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    4890: HTTP: Mozilla PKCS Module Modification
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    5144: MS-RPC: CA ARCserv Vulnerable Procedure Access (ZDI-07-069)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    * 5257: RPC: Computer Associates BrightStor Malicious Remote Procedure Call
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    6016: HTTP: Apache mod_negotiation Cross Site Scripting
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    6023: RPC: ypupdate Insecure Program Access
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - NGFW Application Groups updated.
      - Vulnerability references updated.

    6292: HTTP: Internet Explorer Insecure API Invocation
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    6530: HTTP: Autodesk UpdateEngine ActiveX Control Unsafe Method
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    8824: FIREBIRD: Mozilla Firebird SQL op_connect_request Denial of Service
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    8845: HTTP: Suspicious Embedded HTML Document Download
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    8913: FTP: RNTO Command With Directory Traversal
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    8959: HTTP: Mozilla Firefox Suspicious Layout Frame Constructor
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    8960: HTTP: Mozilla Firefox XBL Suspicious Event Handler
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    8973: HTTP: VLC ActiveX Control Insecure Method Call
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    8992: Oracle: Oracle SQL Injection Near Vulnerable Package
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    * 8993: BRIGHTSTOR: CA BrightStor ARCserve Backup Media Server Suspicious Interface Access
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    9104: HTTP: Suspicious Apple QuickTime File Download
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    9112: HTTP: Oracle Restricted File Access
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

  Removed Filters: None
Solution Id: TP000105635