Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9229

    • Updated:
    • 13 Feb 2019
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9229      February 12, 2019
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before February 12, 2019. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE #TippingPoint Filter #Status
CVE-2019-0540 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-059034351 
CVE-2019-059134352 
CVE-2019-0593*33881 
CVE-2019-0594*33693 
CVE-2019-0595*33554 
CVE-2019-0596*33555 
CVE-2019-0597*33556 
CVE-2019-0598*33557 
CVE-2019-0599*33552 
CVE-2019-0600 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0601 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0602*33902 
CVE-2019-0604*33692 
CVE-2019-0605 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-060634354 
CVE-2019-060734355 
CVE-2019-061034356 
CVE-2019-0613 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0615*33657, *33972 
CVE-2019-0616*33695 
CVE-2019-0618*33956, *34035 
CVE-2019-0619*33955, *34219 
CVE-2019-062134357 
CVE-2019-0623 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0625*33871 
CVE-2019-0626 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0627 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-062834358 
CVE-2019-063034359 
CVE-2019-0631 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0632 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0633 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0634 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0635 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-063634361 
CVE-2019-0637 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-064034362 
CVE-2019-0641 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-064234363 
CVE-2019-0643 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-064434364 
CVE-2019-064534375 
CVE-2019-064834365 
CVE-2019-0649 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-065034366 
CVE-2019-065134367 
CVE-2019-065234368 
CVE-2019-0654 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-065534369 
CVE-2019-065634370 
CVE-2019-0657 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-065834371 
CVE-2019-0659 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0660 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-066134372 
CVE-2019-0662 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0664 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0668 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-066934373 
CVE-2019-0670 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0671*33974 
CVE-2019-0672 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0673*33900 
CVE-2019-0674*33899, *34007 
CVE-2019-0675 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-067634374 
CVE-2019-0686 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0724 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0728 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0741 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0742 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0743 Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9229.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9229.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 31
 Modified Filters (logic changes) - 25
 Modified Filters (metadata changes only) - 2
 Removed Filters - 4

Filters
----------------
 New Filters:
    33404: TFTP: Cisco Prime Infrastructure swimtemp TFTP Arbitrary File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in Cisco Prime Infrastructure.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-15379

    34063: TCP: Softros Network Time System Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects a denial-of-service vulnerability in Softros Network Time System Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-7658

    34095: HTTP: Fortinet FortiOS Cookie Parser Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Fortinet FortiOS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2016-6909

    34244: HTTP: Mozilla Firefox Table Use-After Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Mozilla Firefox.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-5404

    34247: HTTP: PHP imap_open Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in PHP.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-19518

    34252: HTTP: Alt-N MDaemon WorldClient Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to make a suspicious request to an Alt-N MDaeamon WorldClient Server.
      - Deployment: Not enabled by default in any deployment.

    34254: HTTP: Oracle Reports Developer Component Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Oracle Reports Developer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-2413

    34255: HTTP: Linux APT Remote Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a remote code execution vulnerability in Linux APT.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-3462

    34351: HTTP: Microsoft Edge Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0590

    34352: HTTP: Microsoft Edge Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0591

    34354: HTTP: Microsoft Edge Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0606

    34355: HTTP: Microsoft Edge WebAssembly exports Property Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0607

    34356: HTTP: Microsoft Edge JIT Engine Out-of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0610

    34357: HTTP: Microsoft Windows Kernel Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0621

    34358: HTTP: Microsoft Windows Win32k Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0628

    34359: SMB: Microsoft SMB Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft SMB.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0630

    34361: HTTP: Microsoft Windows Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0636

    34362: HTTP: Microsoft Edge Window.eval Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0640

    34363: HTTP: Microsoft Edge Object Push Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0642

    34364: HTTP: Microsoft Edge With Method Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0644

    34365: HTTP: Microsoft Edge Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0648

    34366: HTTP: Microsoft Edge Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0650

    34367: HTTP: Microsoft Edge Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0651

    34368: HTTP: Microsoft Edge Out-of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0652

    34369: HTTP: Microsoft Edge Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0655

    34370: HTTP: Microsoft Windows Win32k Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0656

    34371: HTTP: Microsoft Edge Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0658

    34372: HTTP: Microsoft Windows NT Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows NT.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0661

    34373: HTTP: Microsoft Excel Out-of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0669

    34374: HTTP: Microsoft Internet Explorer Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0676

    34375: HTTP: Microsoft Edge SVG Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0645

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 24638: HTTP: Adobe Flash DeleteRangeTimelineOperation Type Confusion Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    27133: HTTP: Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    * 30341: HTTP: Microsoft Windows LNK Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    33552: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33552: ZDI-CAN-7315: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33554: HTTP: Microsoft Windows JET Database Engine Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33554: ZDI-CAN-7317: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33555: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33555: ZDI-CAN-7318: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33556: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33556: ZDI-CAN-7321: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33557: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33557: ZDI-CAN-7323: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33657: HTTP: Microsoft Windows GDI Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33657: ZDI-CAN-7337: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33692: HTTP: Microsoft SharePoint EntityInstanceIdEncoder Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33692: ZDI-CAN-7262: Zero Day Initiative Vulnerability (Microsoft SharePoint)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33693: HTTP: Microsoft SharePoint BDC Import Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33693: ZDI-CAN-7261: Zero Day Initiative Vulnerability (Microsoft SharePoint)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33695: HTTP: Microsoft Windows gdiplus DoExtTextOut Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33695: ZDI-CAN-7412: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33871: HTTP: Microsoft Windows JET Database Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33871: ZDI-CAN-7335: Zero Day Initiative Vulnerability (Microsoft JET Database)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33881: HTTP: Microsoft Edge Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33881: ZDI-CAN-7153: Zero Day Initiative Vulnerability (Microsoft Chakra)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33899: HTTP: Microsoft Access Database Engine ACEEXCL Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33899: ZDI-CAN-7404: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33900: HTTP: Microsoft Access Database Engine ACEEXCL Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33900: ZDI-CAN-7405: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33902: HTTP: Microsoft Windows GDI Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33902: ZDI-CAN-7415: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33955: HTTP: Microsoft Windows CreateDIBitmap Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33955: ZDI-CAN-7575: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33956: HTTP: Microsoft Windows gdiplus DoRotatedStretchBlt Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33956: ZDI-CAN-7525: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33972: HTTP: Microsoft Windows GDI Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33972: ZDI-CAN-7560: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33974: HTTP: Microsoft Access Database Engine ACEEXCL Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33974: ZDI-CAN-7396: Zero Day Initiative Vulnerability (Microsoft Access)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34007: HTTP: Microsoft Access Database Engine ACEEXCL Out-Of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34007: ZDI-CAN-7528: Zero Day Initiative Vulnerability (Microsoft Access)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 34035: HTTP: Microsoft Windows gdi32full CreateDIBitmap Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34035: ZDI-CAN-7625: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 34109: HTTP: Microsoft Windows LNK Memory Corruption Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34219: HTTP: Microsoft Windows gdiplus DoStretchBlt Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34219: ZDI-CAN-7689: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 34067: HTTP: Imperva SecureSphere PWS Python CGIs Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    34119: HTTP: Joomla Component Jimtawl SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34119: HTTP: Joomla Component Jimtawl  SQL Injection Vulnerability".

  Removed Filters:

    9308: HTTP: ASPXSpy Malicious Backdoor Upload
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

    9358: Backdoor: ASPXSpy Backdoor Communication
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

    13764: HTTP: China Chopper Malware Communication Attempt
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

    13767: HTTP: China Chopper Malware Communication Attempt
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      

Top of the Page
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000125930
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.