Digital Vaccine #9191

    • Updated: 13 Nov 2018
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9191      November 13, 2018
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems.
The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before November 13, 2018.
The following table maps TippingPoint filters to the Microsoft CVEs.
CVE #            TippingPoint Filter #    Status
CVE-2018-8256                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8407                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8408    33415
CVE-2018-8415                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8416                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8417                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8450                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8454                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8471                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8476    33416
CVE-2018-8485                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8522    33417
CVE-2018-8524                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8539    33419
CVE-2018-8541                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8542    33420
CVE-2018-8543                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8544    *33407
CVE-2018-8545                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8546                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8547                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8549                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8550                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8551                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8552    33422
CVE-2018-8553    33423
CVE-2018-8554                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8555    33425
CVE-2018-8556    33426
CVE-2018-8557    33427
CVE-2018-8558                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8561                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8562                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8563    33429
CVE-2018-8564                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8565    33430
CVE-2018-8566                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8567                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8568                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8570                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8572                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8573                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8574                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8575                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8576                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8577                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8578                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8579                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8581                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8582    33431
CVE-2018-8584                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8588    33433
CVE-2018-8589    33434
CVE-2018-8592                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8600                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8602                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8605                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8606                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8607                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8608                             Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8609                             Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9191.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9191.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
 New Filters:
    33372: HTTP: ISPConfig Hosting Control Panel user_settings.php Arbitrary File Inclusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file inclusion vulnerability in ISPConfig Hosting Control Panel.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-17984

    33415: HTTP: Microsoft Windows Kernel Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8408

    33416: TFTP: Microsoft Windows Deployment Services Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows Deployment Services.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8476

    33417: HTTP: Microsoft Outlook Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Outlook.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8522

    33419: HTTP: Microsoft Office Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Office.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8539

    33420: HTTP: Microsoft Edge MergeWithObject Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8542

    33422: HTTP: Microsoft VBScript Engine VbsFilter Out-Of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft VBScript Engine.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8552

    33423: HTTP: Microsoft Windows Win32k Out-Of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8553

    33425: HTTP: Microsoft Edge JIT Engine Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8555

    33426: HTTP: Microsoft Edge TypedArray Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8556

    33427: HTTP: Microsoft Edge JIT getPrototypeOf Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8557

    33429: HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8563

    33430: HTTP: Microsoft API SetWindowPos Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8565

    33431: HTTP: Microsoft Outlook Rule Import Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Outlook.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8582

    33433: HTTP: Microsoft Edge Chakra JIT Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8588

    33434: HTTP: Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8589

    33435: HTTP: Apache Hadoop YARN ResourceManager Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command execution vulnerability in Apache Hadoop YARN ResourceManager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33442: ZDI-CAN-6762: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Intelligent Management Center.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    33443: ZDI-CAN-6763,6764,6767: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Intelligent Management Center.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    33460: HTTP: Microsoft Windows Shell Object Creation Detection
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: The filter detects the instantiation of a Shell object in Windows Shell Component Object Model (COM).
      - Deployments:
        - Deployment: Performance-Optimized (Block / Notify)

    33462: ZDI-CAN-7115: Zero Day Initiative Vulnerability (Microsoft Office Excel)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33463: ZDI-CAN-6918: Zero Day Initiative Vulnerability (Microsoft Office Excel)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33464: ZDI-CAN-7256: Zero Day Initiative Vulnerability (Microsoft Office Excel)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33465: HTTP: Responsive FileManager upload.php Zip Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Responsive FileManager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-15536

    33466: HTTP: VBScript chr() and Clng() Suspicious Functions Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter attempts to detect the usage of the chr() and Clng() methods in the Microsoft VBScript Engine.
      - Deployments:
        - Deployment: Performance-Optimized (Block / Notify)

    33468: ZDI-CAN-7136: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33470: ZDI-CAN-6772: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    33471: ZDI-CAN-6774: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    33472: ZDI-CAN-7133: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33473: ZDI-CAN-7135: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33475: HTTP: LibTIFF JBIGDecode Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in LibTIFF.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 105749
        - Common Vulnerabilities and Exposures: CVE-2018-18557

    33476: TCP: QNX Neutrino QCONN Connection Attempt
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to establish a connection to QNX Neutrino QCONN.
      - Deployment: Not enabled by default in any deployment.

    33477: ZDI-CAN-7148: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    33479: SIP: Session Initiation Protocol Invalid Sent-by Address Header Value (UDP)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects Session Initiation Protocol traffic, which is generally associated with Voice over IP (VoIP), via UDP.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 105768
        - Common Vulnerabilities and Exposures: CVE-2018-15454

    33481: SIP: Session Initiation Protocol Invalid Sent-by Address Header Value (TCP)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects Session Initiation Protocol traffic, which is generally associated with Voice over IP (VoIP), via TCP.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 105768
        - Common Vulnerabilities and Exposures: CVE-2018-15454

    33482: ZDI-CAN-7156: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33483: HTTP: Microsoft .NET Framework FromBase64String Method Detection
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the usage of the FromBase64String method in Microsoft's .NET Framework.
      - Deployments:
        - Deployment: Performance-Optimized (Block / Notify)

    33484: HTTP: Microsoft Windows Shell.ShellExecute Method Detection
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the Shell.ShellExecute Method in the Microsoft Windows Shell SDK.
      - Deployments:
        - Deployment: Performance-Optimized (Block / Notify)

    33485: ZDI-CAN-7120: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33486: ZDI-CAN-7165: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    33487: ZDI-CAN-7121: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33488: ZDI-CAN-7122: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33489: ZDI-CAN-7123: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33490: ZDI-CAN-7124: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33491: ZDI-CAN-7125: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33492: ZDI-CAN-7126: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33494: ZDI-CAN-7127: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33496: ZDI-CAN-7250: Zero Day Initiative Vulnerability (Bitdefender SafePay)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Bitdefender SafePay.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33499: ZDI-CAN-7272,7297,7298: Zero Day Initiative Vulnerability (Adobe Reader DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Reader DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33500: ZDI-CAN-7114: Zero Day Initiative Vulnerability (LAquis SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33501: ZDI-CAN-7113: Zero Day Initiative Vulnerability (LAquis SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33513: ZDI-CAN-7232: Zero Day Initiative Vulnerability (Drupal 8)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Drupal 8.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33514: ZDI-CAN-7246: Zero Day Initiative Vulnerability (Drupal 8)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Drupal 8.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33515: ZDI-CAN-6492: Zero Day Initiative Vulnerability (LAquis SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, and TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33518: HTTP: Microsoft Outlook Rule Import Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Outlook.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8587

    33527: HTTP: Adobe ColdFusion Arbitrary File Upload
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the upload of a file to the upload.cfm page.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-15961

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    32354: TCP: Advantech WebAccess Client bwwebd Buffer Overflow Vulnerability (ZDI-18-1313)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32354: ZDI-CAN-6301: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32356: RPC: Advantech WebAccess Client bwnodeip Buffer Overflow Vulnerability (ZDI-18-1314)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32356: ZDI-CAN-6302: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32709: TCP: Delta Industrial Automation TPEditor Memory Corruption Vulnerability (ZDI-18-1237)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32709: ZDI-CAN-6449: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32710: TCP: Delta Industrial Automation TPEditor Buffer Overflow Vulnerability (ZDI-18-1236)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32710: ZDI-CAN-6448: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32711: TCP: LAquis SCADA LQS File Parsing Information Disclosure Vulnerability (ZDI-18-1255)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32711: ZDI-CAN-6447: Zero Day Initiative Vulnerability (LAquis SCADA)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32712: TCP: OMRON CX-Supervisor SCS File Parsing Use-After-Free Vulnerability (ZDI-18-1279)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32712: ZDI-CAN-6446: Zero Day Initiative Vulnerability (OMRON CX-One)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32716: TCP: OMRON CX-Supervisor SCS File Information Disclosure Vulnerability (ZDI-18-1280)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32716: ZDI-CAN-6427: Zero Day Initiative Vulnerability (OMRON CX-One)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32734: RPC: Advantech Webaccess Client bwwebv Buffer Overflow Vulnerability (ZDI-18-1304)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32734: ZDI-CAN-6292: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32735: RPC: Advantech Webaccess Client upandpr Buffer Overflow Vulnerability (ZDI-18-1305)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32735: ZDI-CAN-6293: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32737: RPC: Advantech Webaccess Client bwclrptw Buffer Overflow Vulnerability (ZDI-18-1306)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32737: ZDI-CAN-6294: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32739: RPC: Advantech Webaccess Client bwclient Buffer Overflow Vulnerability (ZDI-18-1307)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32739: ZDI-CAN-6295: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32740: RPC: Advantech Webaccess Client bwprtscr Buffer Overflow Vulnerability (ZDI-18-1308)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32740: ZDI-CAN-6296: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32741: RPC: Advantech Webaccess Client bwsound Buffer Overflow Vulnerability (ZDI-18-1309)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32741: ZDI-CAN-6297: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32742: RPC: Advantech Webaccess Client bwsound2 Buffer Overflow Vulnerability (ZDI-18-1310)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32742: ZDI-CAN-6298: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32743: RPC: Advantech Webaccess Client bwrunmi Buffer Overflow Vulnerability (ZDI-18-1311)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32743: ZDI-CAN-6299: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32746: HTTP: Delta Industrial Automation TPEditor TPE File Buffer Overflow Vulnerability (ZDI-18-1238)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32746: ZDI-CAN-6442: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32747: HTTP: Delta Industrial Automation TPEditor CC3260MT Out-of-Bounds Write Vulnerability (ZDI-18-1239)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32747: ZDI-CAN-6443: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32762: HTTP: OMRON CX-Supervisor SCS File Parsing Use-After-Free Vulnerability (ZDI-18-1283)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32762: ZDI-CAN-6403: Zero Day Initiative Vulnerability (OMRON CX-Supervisor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33304: HTTP: Foxit Reader XFA Form count Use-After-Free Vulnerability (ZDI-18-1217)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33304: ZDI-CAN-6477: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33307: HTTP: Foxit Reader XFA TimeField deleteItem Use-After-Free Vulnerability (ZDI-18-1221)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33307: ZDI-CAN-6478: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33308: HTTP: Foxit Reader XFA TimeField colSpan Use-After-Free Vulnerability (ZDI-18-1225)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33308: ZDI-CAN-6479: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33309: HTTP: Foxit Reader XFA TimeField editValue Use-After-Free Vulnerability (ZDI-18-1229)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33309: ZDI-CAN-6480: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33310: HTTP: Foxit Reader XFA TimeField addItem Use-After-Free Vulnerability (ZDI-18-1197)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33310: ZDI-CAN-6481: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33342: HTTP: LAquis SCADA editorldriver Buffer Overflow Vulnerability (ZDI-18-1259)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33342: ZDI-CAN-6546: Zero Day Initiative Vulnerability (LAquis SCADA)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33396: TCP: Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33407: HTTP: Microsoft Internet Explorer Scripting.Dictionary Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33407: ZDI-CAN-6749: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    3593: HTTP: SQL Injection in URL Parameters (UNION)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3593: HTTP: SQL Injection (UNION)".
      - Description updated.

    5669: HTTP: SQL Injection in TCP Payload (UNION)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "5669: HTTP: SQL Injection (UNION)".
      - Description updated.

    11171: HTTP: SQL Injection in URI Path (UNION)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "11171: HTTP: SQL Injection (UNION)".
      - Description updated.

  Removed Filters: None
      
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000123216