Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9202

    • Updated:
    • 12 Dec 2018
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9202      December 11, 2018
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Adobe Security Bulletins
This DV includes coverage for the Adobe vulnerabilities released on or before December 05, 2018. The following table maps TippingPoint filters to the Adobe CVEs.
Bulletin #CVE #TippingPoint Filter #Status
APSB18-42CVE-2018-1598233711 
APSB18-42CVE-2018-15983 Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before December 11, 2018. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE #TippingPoint Filter #Status
CVE-2018-8477 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8514 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8517 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8540 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8580 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-858333685 
CVE-2018-858733518 
CVE-2018-8590 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8595 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8596 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8597 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8598 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8604 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-861133820 
CVE-2018-8612 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-861733686 
CVE-2018-861833687 
CVE-2018-861933708 
CVE-2018-8621 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8622 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-862433688 
CVE-2018-862533819 
CVE-2018-8626 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8627 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-862833818 
CVE-2018-862933689 
CVE-2018-863133690 
CVE-2018-863433691 
CVE-2018-8635 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8636 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8637 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8638 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-863933822 
CVE-2018-8641 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8643*33482 
CVE-2018-8649 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8651 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8652 Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9202.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9202.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
 New Filters:
    29476: HTTP: HTTP on Non-Standard Ports
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt when a communication using HTTP protocol happens through a port other than standard HTTP port(80 or 8080).
      - Deployment: Not enabled by default in any deployment.

    33605: HTTP: Apple Safari KWQListIteratorImpl() HTML Tag Handling DoS Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an KWQListIteratorImpl() HTML tag handling denial-of-service vulnerability in Apple Safari.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 17634
        - Common Vulnerabilities and Exposures: CVE-2006-1986 CVSS 7.5

    33650: ZDI-CAN-7168: Zero Day Initiative Vulnerability (Apache HTTPD Server 2.x)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apache HTTPD Server 2.x.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33674: ZDI-CAN-7251: Zero Day Initiative Vulnerability (Microsoft Visual Studio)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Visual Studio.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33685: HTTP: Microsoft Edge Chakra JIT Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8583

    33686: HTTP: Microsoft Edge Chakra InlineArrayPush Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8617

    33687: HTTP: Microsoft Edge Chakra defineSetter Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8618

    33688: HTTP: Microsoft Edge Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8624

    33689: HTTP: Microsoft Edge ArrayBuffer Out-of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8629

    33690: HTTP: Microsoft Internet Explorer Array Prototype Out-of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a out-of-bounds vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8631

    33691: HTTP: Microsoft Edge SpeechSynthesis Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8634

    33692: ZDI-CAN-7262: Zero Day Initiative Vulnerability (Microsoft SharePoint)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft SharePoint.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33693: ZDI-CAN-7261: Zero Day Initiative Vulnerability (Microsoft SharePoint)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft SharePoint.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33694: ZDI-CAN-7382: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33695: ZDI-CAN-7412: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33696: ZDI-CAN-7427: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    33697: ZDI-CAN-7409: Zero Day Initiative Vulnerability (Microsoft Chakra)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Chakra.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    33700: HTTP: Synology Photo Station Arbitrary File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in Synology Photo Station.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-11151 CVSS 7.5

    33701: HTTP: MDaemon WorldClient XML Injection Vulnerability (EasyBee)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an XML injection vulnerability in MDaemon.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 103039
        - Common Vulnerabilities and Exposures: CVE-2018-1216

    33703: TCP: IBM Tivoli Storage Manager FastBack Server Opcode 4754 Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 84166
        - Common Vulnerabilities and Exposures: CVE-2015-8520 CVSS 7.5

    33704: TCP: IBM Tivoli Storage Manager FastBack Server Opcode 1796 Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 84161
        - Common Vulnerabilities and Exposures: CVE-2015-8519 CVSS 7.5

    33705: TCP: IBM Tivoli Storage Manager FastBack Server Opcode 1799 Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 84163
        - Common Vulnerabilities and Exposures: CVE-2015-8522 CVSS 7.5

    33706: TCP: Flexense Diskboss Enterprise Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Flexense Diskboss Enterprise.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-5262

    33707: HTTP: Apache Camel XML CamelXsltResourceUri Java Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an injection vulnerability in Apache Camel.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 65902
        - Common Vulnerabilities and Exposures: CVE-2014-0003 CVSS 7.5

    33708: HTTP: Microsoft XML XSL VBScript Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of VBScript in MSXML XSL files.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8619

    33709: HTTP: Raptr AMD Gaming Evolved "execute_installer" Command Function Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Raptr AMD Gaming Evolved software.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-6546

    33710: HTTP: IBM Tivoli Storage Manager FastBack Server Opcode 1798 Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 84167
        - Common Vulnerabilities and Exposures: CVE-2015-8521

    33711: HTTP: Adobe Flash Player SWF Parsing Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-15982

    33713: UDP: HPE Intelligent Management Center imcwlandm UserName Buffer Overflow Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Hewlett Packard Enterprise Intelligent Management Center.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-5805

    33714: TCP: DEWESoft X3 Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a command execution vulnerability in DEWESoft X3.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-7756

    33719: HTTP: Docker Daemon API Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Docker Daemon API.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

    33721: FTP: Cisco IOS Firewall Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Cisco Smart Install Devices.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2005-2841

    33722: SMB: MsFteWds Named Pipe Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of the MsFteWds named pipe in SMB traffic.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-11771, CVE-2017-8620

    33728: SMB: Suspicious SMB_COM_OPEN_ANDX/SMB_COM_NT_CREATE_ANDX Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a suspicious SMB_COM_OPEN_ANDX or SMB_COM_NT_CREATE_ANDX Request.
      - Deployment: Not enabled by default in any deployment.

    33818: HTTP: Microsoft PowerPoint Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft PowerPoint.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8628

    33819: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8625

    33820: HTTP: Microsoft Windows Kernel Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8611

    33822: HTTP: Microsoft Windows win32kfull.sys Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-8639

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 9268: HTTP: HP OpenView NNM snmpviewer.exe Stack Buffer Overflow Vulnerability (ZDI-10-083)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    10529: HTTP: HP OpenView Network Node Manager Buffer Overflow Vulnerability (ZDI-11-010/ZDI-11-348)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 10682: HTTP: HP OpenView Network Node Manager Buffer Overflow (ZDI-11-007, ZDI-11-011)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    12664: HTTP: Oracle Outside In XPM Image Processing Stack Buffer Overflow (ZDI-12-150)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    16892: HTTP: Drupal Core SQL Injection Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    20800: HTTP: Adobe Flash Oversized MP3 ID3 Frame Header
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    23783: UDP: Cisco ASA Fragment Reassembly Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    24928: NTP: Network Time Protocol Daemon crypto-NAK Denial-of-Service Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    * 26021: TCP: Memcached process_bin_update body_len Integer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 26111: TCP: Memcached process_bin_append_prepend Integer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    26703: LDAP: Samba NDR Parsing ndr_pull_dnsp_name Integer Overflow Vulnerability (ZDI-17-053)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 29749: TCP: HPE Intelligent Management Center imcwlandm UserName Buffer Overflow Vulnerability (ZDI-17-317)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 30052: HTTP: Supervisor XML-RPC Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    30548: TCP: CloudMe Sync Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    30941: HTTP: Microsoft .NET Framework Proxy Auto-Discovery Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    30957: HTTP: Apple Safari Form Element Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    31155: NTP: Network Time Protocol ntpq decodearr Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    31851: DHCP: Red Hat Fedora DHCP Client NetworkManager Input Validation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    32667: FTP: FTPShell Client Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    32820:  HTTP: INVT Electric VT-Designer PM3 Untrusted Data Deserialization Vulnerability (ZDI-18-1361) 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32820: ZDI-CAN-6428: Zero Day Initiative Vulnerability (INVT VT-Designer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32823: HTTP: INVT Electric VT-Designer File Parsing Buffer Overflow Vulnerability (ZDI-18-1360) 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32823: ZDI-CAN-6414: Zero Day Initiative Vulnerability (INVT VT-Designer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32826: HTTP: Apple Safari WebCrypto Race Condition Remote Code Execution Vulnerability (ZDI-18-1323)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32826: ZDI-CAN-6388: Zero Day Initiative Vulnerability (Apple Safari)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    32919: HTTP: SonicWall Global Management System XMLRPC set_time_zone Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 33285: HTTP: Microsoft Windows Win32k Kernel Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33482: HTTP: Microsoft Windows JScript Array concat Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33482: ZDI-CAN-7156: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33518: HTTP: Microsoft Outlook Rule Import Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    33614: HTTP: Non-Standard URI Path Within Host Header Field
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 33634: HTTP: Apache Solr RunExecutableListener Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    9944: SSH: SSH Login Attempt On FTP Port
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    9950: SSH: SSH Login Attempt On VNC Port
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    * 30523: HTTP: Adobe Reader DC TTF Text Layout Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    33631: HTTP: Advantech WebAccess SCADA WADashboard writeFile Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33631: Advantech WebAccess SCADA WADashboard writeFile Directory Traversal Vulnerability".

  Removed Filters: None
      


Top of the Page
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000124018
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.