Summary
Digital Vaccine #9171 September 25, 2018
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.

System Requirements

The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.

The Digital Vaccine can be manually downloaded from the following URLs:

https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9171.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9171.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:

32896: HTTP: Apache httpd mod_md Null Pointer Dereference Denial-of-Service Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Apache httpd.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8011 CVSS 6.1

33056: DNS: Samba AD DC Null Pointer Dereference Denial-of-Service Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Samba AD DC.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-1140

33061: HTTP: ABB Panel Builder 800 Comli CommandLineOptions Stack-based Buffer Overflow (ZDI-18-883)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow in ABB Panel Builder 800 Comli.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-10616
    - Zero Day Initiative: ZDI-18-883

33063: SMTP: RAR Attachment Containing .iqy File
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects an attempt to transfer a .rar file containing an Internet Query (.iqy) file, a format used by Microsoft Excel, over SMTP.
  - Deployment: Not enabled by default in any deployment.

33064: HTTP: Zoho ManageEngine OpManager FailOverHelperServlet Cross-Site Scripting Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Zoho ManageEngine OpManager.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-12998 CVSS 6.8

33065: HTTP: Microsoft Windows StructuredQuery Uninitialized Pointer Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8345

33077: HTTP: Microsoft Windows Image ICC Profile Code Execution
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a code execution vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8475

33078: HTTP: GNU Libextractor ZIP File Comment Out-of-Bounds Read Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Libextractor.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-16430

33079: ZDI-CAN-7146: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33080: ZDI-CAN-7147: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33083: ZDI-CAN-6576: Zero Day Initiative Vulnerability (LAquis SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

33086: HTTP: Microsoft Exchange Server Voicemail Transcription Handler Override (ZDI-18-944)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects traffic that overrides the default voice transcription handler in Microsoft Exchange.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8302
    - Zero Day Initiative: ZDI-18-944

33087: HTTP: Apple macOS M4A Parsing Buffer Overflow Vulnerability (ZDI-17-189)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Apple macOS.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2017-2462
    - Zero Day Initiative: ZDI-17-189

33088: TCP: HPE Intelligent Management Center imcwlandm UserName Buffer Overflow Vulnerability(ZDI-18-1000)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Hewlett Packard Enterprise Intelligent Management Center.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Zero Day Initiative: ZDI-18-1000

33089: HTTP: Apple macOS M4A Parsing Type Confusion Vulnerability (ZDI-17-190)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a type confusion vulnerability in Apple macOS.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2017-2430
    - Zero Day Initiative: ZDI-17-190

33090: HTTP: Apple Safari RenderFlowThread Out-of-Bounds Read Vulnerability (ZDI-17-822)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Apple Safari.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2017-7091
    - Zero Day Initiative: ZDI-17-822

33091: HTTP: PHP Apache2 Chunked Transfer-Encoding With Java Script Payload Detection
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an attempt to post a JavaScript payload to the Apache2 component in PHP when the Transfer-Encoding is set to chunked.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-17082

Modified Filters (logic changes):

* = Enabled in Default deployments

* 8803: HTTP: Adobe Flash Player for Linux Command Execution
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Vulnerability references updated.

* 29742: HTTP: Adobe Flash addCustomHeader Out-Of-Bounds Read Vulnerability (ZDI-17-996)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "29742: ZDI-CAN-5074: Zero Day Initiative Vulnerability (Adobe Flash)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

* 30238: HTTP: Microsoft Windows Font EOT Information Disclosure Vulnerability (ZDI-17-1014)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "30238: ZDI-CAN-5315: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

* 30240: HTTP: Microsoft Windows Font EOT Information Disclosure Vulnerability (ZDI-17-1010)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "30240: ZDI-CAN-5317: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

* 30243: HTTP: Microsoft Office Excel XLS Use-After-Free Vulnerability (ZDI-17-929)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "30243: ZDI-CAN-5320: Zero Day Initiative Vulnerability (Microsoft Office)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

* 30273: HTTP: Microsoft Chakra Typed Array Use-After-Free Vulnerability (ZDI-17-1016,ZDI-18-580)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "30273: HTTP: Microsoft Chakra Typed Array Use-After-Free Vulnerability (ZDI-18-580)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

Modified Filters (metadata changes only):

* = Enabled in Default deployments

20815: HTTP: Microsoft Windows VBScript Filter Function Use-After-Free Vulnerability(ZDI-15-592,ZDI-18-123)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.

24325: HTTP: ARRIS VAP2500 txt_mac Command Injection Vulnerability (ZDI-16-691)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "24325: ZDI-CAN-3868: Zero Day Initiative Vulnerability (ARRIS VAP2500)".
  - Description updated.
  - Vulnerability references updated.

24326: HTTP: ARRIS VAP2500 tools_command Command Injection Vulnerability (ZDI-16-692)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "24326: ZDI-CAN-3869: Zero Day Initiative Vulnerability (ARRIS VAP2500)".
  - Description updated.
  - Vulnerability references updated.

24327: HTTP: ARRIS VAP2500 list_mac_address macaddr Command Injection Vulnerability (ZDI-16-693)
  - IPS Version: 3.2.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Name changed from "24327: ZDI-CAN-3870: Zero Day Initiative Vulnerability (ARRIS VAP2500)".
  - Description updated.
  - Vulnerability references updated.

* 29144: HTTP: HPE Intelligent Management Center redirectviewer Directory Traversal Vulnerability(ZDI-18-138)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "29144: ZDI-CAN-4905: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
  - Description updated.
  - Vulnerability references updated.

* 29743: HTTP: Adobe Flash determinePreferredLocales Out-of-Bound Read Vulnerability (ZDI-17-997)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "29743: ZDI-CAN-5075: Zero Day Initiative Vulnerability (Adobe Flash)".
  - Description updated.
  - Vulnerability references updated.

29752: HTTP: WECON LeviStudio PLC Driver Buffer Overflow Vulnerability (ZDI-17-1001)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "29752: ZDI-CAN-5085: Zero Day Initiative Vulnerability (WECON LeviStudio)".
  - Description updated.
  - Vulnerability references updated.

29859: HTTP: QNAP QTS authLogin Buffer Overflow Vulnerability (ZDI-17-1004)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "29859: ZDI-CAN-5262: Zero Day Initiative Vulnerability (QNAP QTS)".
  - Description updated.
  - Vulnerability references updated.

29860: HTTP: QNAP QTS authLogin Buffer Overflow Vulnerability (ZDI-17-1005)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "29860: ZDI-CAN-5263: Zero Day Initiative Vulnerability (QNAP QTS)".
  - Description updated.
  - Vulnerability references updated.

* 30236: HTTP: Microsoft Edge CSS Memory Corruption Vulnerability (ZDI-18-373)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "30236: ZDI-CAN-5313: Zero Day Initiative Vulnerability (Microsoft Edge)".
  - Description updated.
  - Vulnerability references updated.

30737: TCP: SSL 3.0 Padding Oracle Information Disclosure Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Deployments updated and are now:
    - Deployment: Performance-Optimized (Block / Notify)

32056: HTTP: Fuji Electric V-Server VPR File Parsing Out-of-Bounds Read Vulnerability (ZDI-18-1018)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "32056: ZDI-CAN-5884: Zero Day Initiative Vulnerability (Fuji Electric V-Server)".
  - Description updated.
  - Vulnerability references updated.

32057: HTTP: Fuji Electric V-Server VPR File Parsing Use-After-Free Vulnerability (ZDI-18-1019)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "32057: ZDI-CAN-5885: Zero Day Initiative Vulnerability (Fuji Electric V-Server)".
  - Description updated.
  - Vulnerability references updated.

32058: HTTP: Fuji Electric V-Server VPR File Parsing CArchive Memory Corruption Vulnerability (ZDI-18-1020)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "32058: ZDI-CAN-5886: Zero Day Initiative Vulnerability (Fuji Electric V-Server)".
  - Description updated.
  - Vulnerability references updated.

32059: HTTP: Fuji Electric V-Server VPR File Parsing CArchive Memory Corruption Vulnerability (ZDI-18-1021)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "32059: ZDI-CAN-5887: Zero Day Initiative Vulnerability (Fuji Electric V-Server)".
  - Description updated.
  - Vulnerability references updated.

32060: HTTP: Fuji Electric V-Server VPR File Parsing Memory Corruption Vulnerability (ZDI-18-1022)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "32060: ZDI-CAN-5888: Zero Day Initiative Vulnerability (Fuji Electric V-Server)".
  - Description updated.
  - Vulnerability references updated.

32061: HTTP: Fuji Electric V-Server VPR File Parsing Buffer Overflow Vulnerability (ZDI-18-1012)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "32061: ZDI-CAN-5889: Zero Day Initiative Vulnerability (Fuji Electric V-Server)".
  - Description updated.
  - Vulnerability references updated.

32789: HTTP: WordPress Snazzy Maps Plugin XSS Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.

Removed Filters:

None.