Summary
Digital Vaccine #9261 April 9, 2019
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before April 9, 2019. The following table maps TippingPoint filters to the Microsoft CVEs.
| CVE # | TippingPoint Filter # | Status |
| --- | --- | --- |
| CVE-2019-0685 | 34949 | |
| CVE-2019-0688 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0730 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0731 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0732 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0735 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0739 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0752 | *34042 | |
| CVE-2019-0753 | 34929 | |
| CVE-2019-0764 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0786 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0790 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0791 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0792 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0793 | 34930 | |
| CVE-2019-0794 | 34931 | |
| CVE-2019-0795 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0796 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0801 | 34933 | |
| CVE-2019-0802 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0803 | 34951 | |
| CVE-2019-0805 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0806 | 34936 | |
| CVE-2019-0810 | 34937 | |
| CVE-2019-0812 | 34938 | |
| CVE-2019-0813 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0814 | 34939 | |
| CVE-2019-0815 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0817 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0822 | 34940 | |
| CVE-2019-0823 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0824 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0825 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0826 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0827 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0828 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0829 | 34941 | |
| CVE-2019-0830 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0831 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0833 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0835 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0836 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0837 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0838 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0839 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0840 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0841 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0842 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0844 | 34944 | |
| CVE-2019-0845 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0846 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0847 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0848 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0849 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0851 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0853 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0856 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0857 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0858 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0859 | 34945 | |
| CVE-2019-0860 | 34946 | |
| CVE-2019-0861 | 34947 | |
| CVE-2019-0862 | 34948 | |
| CVE-2019-0866 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0867 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0868 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0869 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0870 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0871 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0872 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0874 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0875 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0876 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0877 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2019-0879 | | Vendor Deemed Reproducibility or Exploitation Unlikely |

Filters marked with * shipped prior to this DV, providing zero-day protection.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9261.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9261.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 37
Modified Filters (logic changes) - 21
Modified Filters (metadata changes only) - 18
Removed Filters - 0
Filters
----------------
New Filters:
34889: HTTP: Delta Industrial Automation CNCSoft Buffer Overflow Vulnerability (ZDI-18-1071)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Delta Industrial Automation CNCSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-10636
    - Zero Day Initiative: ZDI-18-1071

34899: HTTP: Adobe Flash Player MovieClip Use-After-Free Vulnerability (Upload)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash Player.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2015-5130

34901: ZDI-CAN-7273: Zero Day Initiative Vulnerability (Belkin SuperTask)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Belkin SuperTask.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

34902: ZDI-CAN-7274: Zero Day Initiative Vulnerability (Belkin SuperTask)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Belkin SuperTask.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

34903: ZDI-CAN-7275: Zero Day Initiative Vulnerability (Belkin SuperTask)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Belkin SuperTask.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

34906: ZDI-CAN-8341: Zero Day Initiative Vulnerability (Adobe Reader DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Reader DC.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

34912: HTTP: Adobe Flash Player attachMovie Use-After-Free Vulnerability (Upload)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash Player.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2015-5551

34914: HTTP: Adobe Flash Player attachMovie Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash Player.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2015-5551

34917: ZDI-CAN-7787: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

34918: ZDI-CAN-7858: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

34919: ZDI-CAN-7939: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

34920: ZDI-CAN-8228: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

34921: ZDI-CAN-8265: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

34922: ZDI-CAN-8272: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

34929: HTTP: Microsoft Scripting Engine RegExp Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Script Engine.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0753

34930: HTTP: Microsoft Internet Explorer XSL Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0793

34931: HTTP: Microsoft Internet Explorer VBScript Integer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Internet Explorer.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0794

34933: HTTP: Microsoft Office Protocol Handler Directory Traversal Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Microsoft Office.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0801

34936: HTTP: Microsoft Windows Chakra Scripting Engine Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0806

34937: HTTP: Microsoft Windows Chakra Scripting Engine Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0810

34938: HTTP: Microsoft Windows Chakra Scripting Engine Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0812

34939: HTTP: Microsoft Windows Win32k Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0814

34940: HTTP: Microsoft PowerPoint Use-After-free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft PowerPoint.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0822

34941: HTTP: Microsoft Chakra Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Chakra Scripting Engine.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0829

34944: HTTP: Microsoft Windows NT KASLR Information Disclosure Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows NT.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0844

34945: HTTP: Microsoft Windows Win32K Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0859

34946: HTTP: Microsoft Chakra Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Chakra.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0860

34947: HTTP: Microsoft Chakra Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Chakra.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0861

34948: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0862

34949: HTTP: Microsoft Windows Win32k Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0685

34951: HTTP: Microsoft Windows GDI Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-0803

34952: HTTP: Trend Micro Apex One & OfficeScan Directory Traversal Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Trend Micro Apex One and OfficeScan.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-9489

34953: ZDI-CAN-8293: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

34954: ZDI-CAN-8055: Zero Day Initiative Vulnerability (Microsoft Windows)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

34955: ZDI-CAN-8036: Zero Day Initiative Vulnerability (Microsoft Windows)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

34956: ZDI-CAN-8056: Zero Day Initiative Vulnerability (Microsoft Windows)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

34957: ZDI-CAN-8058: Zero Day Initiative Vulnerability (Microsoft Windows)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

Modified Filters (logic changes):
* = Enabled in Default deployments

* 0465: MS-SQL: xp_cmdshell Program Execution
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Vulnerability references updated.

3831: DNS: Phishing Subdomain Name Request
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "3831: DNS: Possible Phishing Subdomain Name Request".
  - Description updated.
  - Detection logic updated.

4804: HTTP: SQL Injection (Cookie Header)
  - IPS Version: 3.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.

13720: TCP: Persistent Systems Client Automation Command Injection Vulnerability (ZDI-15-038)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category changed from "Exploits" to "Vulnerabilities".
  - Detection logic updated.

19279: HTTP: WordPress Download Manager Code Execution
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.

* 20422: HTTP: Adobe Flash Malicious File Download
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.

24030: HTTP: Microsoft Windows OleLoadPicture Memory Corruption Vulnerability (ZDI-16-181)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.

30702: FTP: ProFTPD mod_copy Authentication Bypass Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33190: HTTP: LAquis SCADA LQS File Parsing Use-After-Free Vulnerability (ZDI-19-056)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33190: ZDI-CAN-6452: Zero Day Initiative Vulnerability (LAquis SCADA)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33281: HTTP: LAquis SCADA LGX Report Parsing Out-Of-Bounds Write Vulnerability (ZDI-19-057)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33281: ZDI-CAN-6490: Zero Day Initiative Vulnerability (LAquis SCADA)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33478: HTTP: Oracle Java SE jnlp jnlps Directory Traversal Vulnerability (ZDI-19-033)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33478: ZDI-CAN-7151: Zero Day Initiative Vulnerability (Oracle Java)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33513: HTTP: Drupal Core phar stream wrapper Insecure Deserialization Vulnerability (ZDI-19-130)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33513: HTTP: Drupal Phar File Parsing Deserialization Vulnerability (ZDI-19-130)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33661: HTTP: OMRON CX-One CX-Protocol CObject Type Confusion Vulnerability (ZDI-19-120)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33661: ZDI-CAN-6587: Zero Day Initiative Vulnerability (OMRON CX-One)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33662: HTTP: OMRON CX-Supervisor SCS File Parsing Use-After-Free Vulnerability (ZDI-19-176)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33662: ZDI-CAN-6698: Zero Day Initiative Vulnerability (OMRON CX-Supervisor)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33671: HTTP: Foxit Reader XFA remerge Use-After-Free Vulnerability (ZDI-19-133)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33671: ZDI-CAN-7347: Zero Day Initiative Vulnerability (Foxit Reader)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33971: HTTP: Foxit Reader JavaScript popUpMenu Use-After-Free Vulnerability (ZDI-19-136)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33971: ZDI-CAN-7368: Zero Day Initiative Vulnerability (Foxit Reader)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

34042: HTTP: Microsoft Internet Explorer Property Type Confusion Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "34042: ZDI-CAN-7757: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)".
  - Category changed from "Exploits" to "Vulnerabilities".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

34568: DHCP: Microsoft Windows DHCP Server Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "34568: DHCP: Microsoft Windows DHCP Server Code Execution Vulnerability".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

* 34693: HTTP: Microsoft Internet Explorer VBScript Engine VbsErase Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "34693: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

34784: ZDI-CAN-8005: Zero Day Initiative Vulnerability (Microsoft Windows)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Detection logic updated.

34786: ZDI-CAN-8149: Zero Day Initiative Vulnerability (Microsoft Windows)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Detection logic updated.

Modified Filters (metadata changes only):
* = Enabled in Default deployments

* 8546: Exploit: Shellcode Payload
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

* 25469: HTTP: HPE Intelligent Management Center FileDownloadServlet Information Disclosure (ZDI-17-165)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

26555: HTTP: Adobe Flash ATF EC2 Buffer Overflow Vulnerability
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

* 26563: HTTP: Adobe Flash FLV PreviousTagSize Buffer Overflow Vulnerability
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

* 27154: HTTP: Adobe Flash Video Decoder Buffer Overflow Vulnerability
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

27228: HTTP: HPE Intelligent Management Center dbman Opcode 10008 Command Injection (ZDI-17-340)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

27235: TCP: HPE Intelligent Management Center dbman Opcode 10004 Command Injection (ZDI-17-336)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

27239: TCP: HPE Intelligent Management Center dbman Opcode 10006 Command Injection (ZDI-17-339)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

27926: TELNET: Cisco IOS Cluster Management Protocol Code Execution Vulnerability
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

* 28287: HTTP: HPE Intelligent Management Center Insecure Deserialization (ZDI-17-831-33,ZDI-17-850-55)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

28896: HTTP: Quest NetVault Backup Server checksession Authentication Bypass Vulnerability (ZDI-18-006)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

* 29749: TCP: HPE Intelligent Management Center imcwlandm UserName Buffer Overflow Vulnerability (ZDI-17-317)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

* 30350: HTTP: IBM Informix OpenAdmin Tool welcomeService.php Command Execution Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

* 31756: HTTP: Zoho ManageEngine Applications Manager Code Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

32667: FTP: FTPShell Client Buffer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

32895: HTTP: Unrestricted PHP File Upload
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

33380: HTTP: jQuery Unrestricted PHP File Upload Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

Removed Filters:
None