Digital Vaccine #9155

    • Updated: 21 Aug 2018
Summary
Digital Vaccine #9155      August 21, 2018
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.

System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems.
The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.

SMS v5.0.0 Customers
Trend Micro TippingPoint recommends that customers running SMS v5.0.0 upgrade to SMS v5.0.1 or higher at the earliest opportunity in order to avoid critical issues related to filter overrides. See Product Bulletin #1078 for more information.

Adobe Security Bulletins
This DV includes coverage for the Adobe vulnerabilities released on or before August 14, 2018.
The following table maps TippingPoint filters to the Adobe CVEs.
Bulletin # | CVE #          | TippingPoint Filter # | Status
APSB18-29  | CVE-2018-12799 | 32859                 |
APSB18-29  | CVE-2018-12808 | 32860                 |
APSB18-25  | CVE-2018-12824 | 32861                 |
APSB18-25  | CVE-2018-12825 | 32862                 |
APSB18-25  | CVE-2018-12826 | 32863                 |
APSB18-25  | CVE-2018-12827 | 32864                 |
APSB18-25  | CVE-2018-12828 |                       | Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.

The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9155.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9155.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
 New Filters:
    32852: HTTP: Jenkins CI Server getOrCreate Policy Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a policy bypass vulnerability in Jenkins CI Server.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1999001

    32854: HTTP: SCF File Download
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the download of SCF files.
      - Deployment: Not enabled by default in any deployment.

    32855: HTTP: Oracle Outside In Technology Excel GelFrame Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Oracle Outside In Technology.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 104762
        - Common Vulnerabilities and Exposures: CVE-2018-2992

    32856: HTTP: Jenkins CI Server LocaleDrivenResourceSelector Arbitrary File Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an arbitrary file read vulnerability in Jenkins CI Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1999002

    32858: TCP: Advantech WebAccess webvrpcs Buffer Overflow Vulnerability (ZDI-17-938)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in the Advantech WebAccess.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Zero Day Initiative: ZDI-17-938

    32859: HTTP: Adobe Acrobat Pro Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Acrobat Pro.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-12799

    32860: HTTP: Adobe Acrobat Reader MakeAccessible Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-12808

    32861: HTTP: Adobe Flash Player MP3 Parsing Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Flash Player.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-12824

    32862: HTTP: Adobe Flash Player ActiveX Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a security bypass vulnerability in Adobe Flash Player.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-12825

    32863: HTTP: Adobe Flash Player ActionScript Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Flash Player.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-12826

    32864: HTTP: Adobe Flash Player MP4-Advanced Video Coding Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Adobe Flash Player.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-12827

    32869: TCP: Java Remote Method Invocation On Port 4444 (ZDI-18-551)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the usage of port 4444 for Java Remote Method Invocation.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-10611
        - Zero Day Initiative: ZDI-18-551

    32871: HTTP: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2016-0189

    32872: TCP: Cisco WebEx ARF File DLL Planting Memory Corruption Vulnerability (ZDI-18-008)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Cisco WebEx.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0104
        - Zero Day Initiative: ZDI-18-008

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 29906: HTTP: Huawei App Market JavaScript Bridge Privilege Escalation Vulnerability (Pwn2Own ZDI-18-875)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29906: PWN2OWN ZDI-CAN-5348: Zero Day Initiative Vulnerability (Huawei Browser)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 30273: HTTP: Microsoft Chakra Typed Array Use-After-Free Vulnerability (ZDI-18-580)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30273: ZDI-CAN-5321,5448,6050: Zero Day Initiative Vulnerability (Microsoft Chakra)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    30393: HTTP: OMRON CX-One CX-Motion wcscpy Stack-Based Buffer Overflow Vulnerability (ZDI-18-282)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30393: ZDI-CAN-5403: Zero Day Initiative Vulnerability (OMRON CX-One)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    30432: HTTP: OMRON CX-One CX-FLnet Type Buffer Overflow Vulnerability (ZDI-18-288)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30432: ZDI-CAN-5453: Zero Day Initiative Vulnerability (OMRON CX-One)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 30537: HTTP: Adobe Acrobat Reader JavaScript API Annotation Use-After-Free Vulnerability (ZDI-18-174)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 30549: ZDI-CAN-5499: Zero Day Initiative Vulnerability (Microsoft Chakra)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Detection logic updated.

    * 30955: HTTP: Oracle Java Applet Rhino Script Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Deployments updated and are now:
        - Deployment: Default (Block / Notify)

    * 31489: HTTP: Microsoft Edge Scripting Engine Magic Value Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    31726: HTTP: Adobe Acrobat Pro Array Pointer Buffer Overflow Vulnerability (ZDI-18-467)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31726: HTTP: Adobe Acrobat Pro Array Pointer Buffer Overflow Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    31866: HTTP: Microsoft Edge Chakra typeof Operator Type Confusion Vulnerability (ZDI-18-539)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31866: ZDI-CAN-6152: Zero Day Initiative Vulnerability (Microsoft Edge)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 31871: HTTP: Adobe Acrobat Pro DC EMF Parsing Information Disclosure Vulnerability (ZDI-18-574)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31871: ZDI-CAN-5708: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Deployments updated and are now:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

    31872: HTTP: Adobe Acrobat Pro DC EMR_STRETCHDIBITS Buffer Overflow Vulnerability (ZDI-18-595)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31872: ZDI-CAN-5710: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32024: DHCP: Red Hat NetworkManager DHCP Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 32247: HTTP: Adobe Acrobat and Reader JPEG2000 Parsing Out-of-Bounds Read Vulnerability (ZDI-18-677)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32247: ZDI-CAN-6341: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32262: HTTP: Wecon LeviStudioU aetlog EventSet WordAddr10 Buffer Overflow (ZDI-18-827, ZDI-18-830)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32262: ZDI-CAN-5911,5908: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 32721: HTTP: Microsoft VBScript Engine Sub Default Property Use-After-Free Vulnerability (ZDI-18-953)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32721: HTTP: Microsoft VBScript Engine Sub Default Property Use-After-Free Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32729: TCP: Oracle WebLogic Server StreamMessageImpl Object Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 29905: HTTP: Huawei App Market Whitelist Bypass Privilege Escalation Vulnerability (Pwn2Own ZDI-18-879)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29905: PWN2OWN ZDI-CAN-5347: Zero Day Initiative Vulnerability (Huawei Browser)".
      - Description updated.
      - Vulnerability references updated.

    * 29907: HTTP: Huawei App Market JavaScript Bridge Privilege Escalation Vulnerability (Pwn2Own ZDI-18-878)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29907: PWN2OWN ZDI-CAN-5349: Zero Day Initiative Vulnerability (Huawei Browser)".
      - Description updated.
      - Vulnerability references updated.

    * 29908: HTTP: Huawei Reader onChapPack Directory Traversal Vulnerability (Pwn2Own ZDI-18-874)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29908: PWN2OWN ZDI-CAN-5350: Zero Day Initiative Vulnerability (Huawei Browser)".
      - Description updated.
      - Vulnerability references updated.

    29909: HTTP: Huawei Reader Insecure Plugin Loading Privilege Escalation Vulnerability (Pwn2Own ZDI-18-876)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29909: PWN2OWN ZDI-CAN-5351: Zero Day Initiative Vulnerability (Huawei Browser)".
      - Description updated.
      - Vulnerability references updated.

    29914: HTTP: Samsung Members Intent Proxy Privilege Escalation Vulnerability (Pwn2Own ZDI-18-562)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29914: PWN2OWN ZDI-CAN-5361: Zero Day Initiative Vulnerability (Samsung Internet Browser)".
      - Description updated.
      - Vulnerability references updated.

    * 30370: HTTP: Adobe Acrobat Pro DC Memory Corruption Vulnerability (ZDI-18-529)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30370: ZDI-CAN-5237: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Vulnerability references updated.

    * 30371: HTTP: Adobe Acrobat Pro DC Memory Corruption Vulnerability (ZDI-18-530)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30371: ZDI-CAN-5238: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Vulnerability references updated.

    30392: HTTP: OMRON CX-One CX-Motion sscanf Buffer Overflow Vulnerability (ZDI-18-281)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30392: ZDI-CAN-5402: Zero Day Initiative Vulnerability (OMRON CX-One)".
      - Description updated.
      - Vulnerability references updated.

    30394: HTTP: OMRON CX-One CX-Protocol CObject Type Confusion Vulnerability (ZDI-18-283)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30394: ZDI-CAN-5404: Zero Day Initiative Vulnerability (OMRON CX-One)".
      - Description updated.
      - Vulnerability references updated.

    30399: HTTP: OMRON CX-One CX-FLnet cdmapi32 Buffer Overflow Vulnerability (ZDI-18-284)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30399: ZDI-CAN-5405: Zero Day Initiative Vulnerability (OMRON CX-One)".
      - Description updated.
      - Vulnerability references updated.

    30400: HTTP: OMRON CX-One CX-Programmer mbsnbcat Buffer Overflow Vulnerability (ZDI-18-285)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30400: ZDI-CAN-5406: Zero Day Initiative Vulnerability (OMRON CX-One)".
      - Description updated.
      - Vulnerability references updated.

    30401: HTTP: Foxit Reader pageNum Use-After-Free Vulnerability (ZDI-18-343)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30401: ZDI-CAN-5432: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    30402: HTTP: Foxit Reader Field textColor Setter Use-After-Free Vulnerability (ZDI-18-344, ZDI-18-345)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30402: ZDI-CAN-5433,5434: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    30403: HTTP: Foxit Reader Author Annotation Use-After-Free Vulnerability (ZDI-18-346)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30403: ZDI-CAN-5435: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    30406: HTTP: Foxit Reader PrintParams bitmapDPI Information Disclosure Vulnerability (ZDI-18-312)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30406: ZDI-CAN-5437: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    30407: HTTP: Foxit Reader PrintParams Information Disclosure Vulnerability (ZDI-18-313)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30407: ZDI-CAN-5438: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    30408: HTTP: OMRON CX-One Network Configurator Buffer Overflow Vulnerability (ZDI-18-286)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30408: ZDI-CAN-5439: Zero Day Initiative Vulnerability (OMRON CX-One)".
      - Description updated.
      - Vulnerability references updated.

    30470: HTTP: Foxit Reader addAnnot Use-After-Free Vulnerability (ZDI-18-315)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30470: ZDI-CAN-5488: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    30485: HTTP: Foxit Reader addField Use-After-Free Vulnerability (ZDI-18-316)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30485: ZDI-CAN-5489: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    * 30486: HTTP: Foxit Reader AFSimple_Calculate Use-After-Free Vulnerability (ZDI-18-318)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30486: ZDI-CAN-5491: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Vulnerability references updated.

    * 31759: HTTP: Microsoft Edge CSS Background Property Type Confusion Vulnerability (ZDI-18-577)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31759: ZDI-CAN-5605: Zero Day Initiative Vulnerability (Microsoft Edge)".
      - Description updated.
      - Vulnerability references updated.

    31789: HTTP: Advantech WebAccess HMI Designer PM3 File Parsing Double-Free Vulnerability (ZDI-18-632)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31789: ZDI-CAN-5643: Zero Day Initiative Vulnerability (Advantech WebAccess HMI Designer)".
      - Description updated.
      - Vulnerability references updated.

    * 31859: HTTP: Adobe Acrobat Pro DC ImageConversion EMF EMR_ALPHABLEND Buffer Overflow (ZDI-18-610)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31859: ZDI-CAN-5968: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Vulnerability references updated.

    * 31865: HTTP: Adobe Acrobat Pro DC ImageConversion EMF EmfPlusDrawBeziers Out-of-Bounds Read (ZDI-18-675)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31865: ZDI-CAN-6153: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Vulnerability references updated.

    31868: HTTP: Adobe Acrobat Pro DC ImageConversion XPS Parsing Memory Corruption Vulnerability (ZDI-18-594)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31868: ZDI-CAN-5706: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Vulnerability references updated.

    31870: HTTP: Microsoft Edge Media Foundation Memory Corruption Vulnerability (ZDI-18-579)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31870: ZDI-CAN-5707: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Vulnerability references updated.

    31874: UDP: HPE Intelligent Management Center Database tftpserver getFileData Buffer Overflow (ZDI-18-778) 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31874: ZDI-CAN-5749: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)".
      - Description updated.
      - Vulnerability references updated.

    31876: HTTP: Adobe Acrobat Pro DC EMF EMR_COMMENT Information Disclosure Vulnerability (ZDI-18-598)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31876: ZDI-CAN-5766: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Vulnerability references updated.

    31878: HTTP: Wecon LeviStudioU G_PictureVer Element Buffer Overflow Vulnerability (ZDI-18-784)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31878: ZDI-CAN-5787: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Vulnerability references updated.

    31879: HTTP: Wecon LeviStudioU UMP ProjectVer Buffer Overflow Vulnerability (ZDI-18-785)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31879: ZDI-CAN-5788: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Vulnerability references updated.

    * 32232: HTTP: Adobe Acrobat EMF BMP Buffer Overflow Vulnerability (ZDI-18-680)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32232: ZDI-CAN-6325: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Vulnerability references updated.

    32240: HTTP: Wecon LeviStudioU ttsui TTSSet SText Buffer Overflow Vulnerability (ZDI-18-820)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32240: ZDI-CAN-5901: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Vulnerability references updated.

    32241: HTTP: Wecon LeviStudioU usermanage GroupList UserIdSet Buffer Overflow Vulnerability (ZDI-18-821)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32241: ZDI-CAN-5902: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Vulnerability references updated.

    32243: HTTP: Wecon LeviStudioU usermanage GroupList Description Buffer Overflow Vulnerability (ZDI-18-822)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32243: ZDI-CAN-5903: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Vulnerability references updated.

    32244: HTTP: Wecon LeviStudioU usermanage GroupList Name Buffer Overflow Vulnerability (ZDI-18-823)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32244: ZDI-CAN-5904: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Vulnerability references updated.

    32245: HTTP: Wecon LeviStudioU usermanage GroupList ID Buffer Overflow Vulnerability (ZDI-18-824)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32245: ZDI-CAN-5905: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Vulnerability references updated.

    32246: HTTP: Wecon LeviStudioU aetlog WordAlarmSet WordAddr10 Buffer Overflow Vulnerability (ZDI-18-825)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32246: ZDI-CAN-5906: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Vulnerability references updated.

    32248: HTTP: Wecon LeviStudioU aetlog Alarm WordAddr10 Buffer Overflow Vulnerability (ZDI-18-826)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32248: ZDI-CAN-5907: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Vulnerability references updated.

    32260: HTTP: Wecon LeviStudioU aetlog EventSet WordAddr Buffer Overflow Vulnerability (ZDI-18-828)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32260: ZDI-CAN-5909: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Vulnerability references updated.

    32261: HTTP: Wecon LeviStudioU aetlog Alarm WordAddr9 Buffer Overflow Vulnerability (ZDI-18-829)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32261: ZDI-CAN-5910: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Vulnerability references updated.

  Removed Filters:

    30530: HTTP: Adobe Reader DC TIFF IFD Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

    32227: ZDI-CAN-5743: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.


Category: Configure; Troubleshoot; Deploy
Solution Id: TP000119092