Digital Vaccine #9261

    Updated: 9 Apr 2019
    Product/Version: TippingPoint Digital Vaccine
    Platform:
Summary
Digital Vaccine #9261, April 9, 2019
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before April 9, 2019. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE #            TippingPoint Filter #   Status
CVE-2019-0685    34949
CVE-2019-0688                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0730                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0731                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0732                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0735                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0739                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0752    34042*
CVE-2019-0753    34929
CVE-2019-0764                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0786                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0790                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0791                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0792                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0793    34930
CVE-2019-0794    34931
CVE-2019-0795                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0796                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0801    34933
CVE-2019-0802                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0803    34951
CVE-2019-0805                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0806    34936
CVE-2019-0810    34937
CVE-2019-0812    34938
CVE-2019-0813                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0814    34939
CVE-2019-0815                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0817                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0822    34940
CVE-2019-0823                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0824                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0825                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0826                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0827                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0828                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0829    34941
CVE-2019-0830                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0831                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0833                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0835                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0836                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0837                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0838                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0839                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0840                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0841                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0842                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0844    34944
CVE-2019-0845                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0846                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0847                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0848                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0849                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0851                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0853                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0856                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0857                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0858                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0859    34945
CVE-2019-0860    34946
CVE-2019-0861    34947
CVE-2019-0862    34948
CVE-2019-0866                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0867                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0868                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0869                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0870                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0871                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0872                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0874                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0875                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0876                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0877                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0879                            Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9261.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9261.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 37
 Modified Filters (logic changes) - 21
 Modified Filters (metadata changes only) - 18
 Removed Filters - 0

Filters
----------------
 New Filters:
    34889: HTTP: Delta Industrial Automation CNCSoft Buffer Overflow Vulnerability (ZDI-18-1071)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Delta Industrial Automation CNCSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-10636
        - Zero Day Initiative: ZDI-18-1071

    34899: HTTP: Adobe Flash Player MovieClip Use-After-Free Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash Player.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-5130

    34901: ZDI-CAN-7273: Zero Day Initiative Vulnerability (Belkin SuperTask)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Belkin SuperTask.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    34902: ZDI-CAN-7274: Zero Day Initiative Vulnerability (Belkin SuperTask)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Belkin SuperTask.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    34903: ZDI-CAN-7275: Zero Day Initiative Vulnerability (Belkin SuperTask)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Belkin SuperTask.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    34906: ZDI-CAN-8341: Zero Day Initiative Vulnerability (Adobe Reader DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Reader DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    34912: HTTP: Adobe Flash Player attachMovie Use-After-Free Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash Player.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-5551

    34914: HTTP: Adobe Flash Player attachMovie Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash Player.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-5551

    34917: ZDI-CAN-7787: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    34918: ZDI-CAN-7858: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    34919: ZDI-CAN-7939: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    34920: ZDI-CAN-8228: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    34921: ZDI-CAN-8265: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    34922: ZDI-CAN-8272: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    34929: HTTP: Microsoft Scripting Engine RegExp Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Script Engine.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0753

    34930: HTTP: Microsoft Internet Explorer XSL Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0793

    34931: HTTP: Microsoft Internet Explorer VBScript Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0794

    34933: HTTP: Microsoft Office Protocol Handler Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Microsoft Office.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0801

    34936: HTTP: Microsoft Windows Chakra Scripting Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0806

    34937: HTTP: Microsoft Windows Chakra Scripting Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0810

    34938: HTTP: Microsoft Windows Chakra Scripting Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0812

    34939: HTTP: Microsoft Windows Win32k Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0814

    34940: HTTP: Microsoft PowerPoint Use-After-free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft PowerPoint.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0822

    34941: HTTP: Microsoft Chakra Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Chakra Scripting Engine.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0829

    34944: HTTP: Microsoft Windows NT KASLR Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows NT.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0844

    34945: HTTP: Microsoft Windows Win32K Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0859

    34946: HTTP: Microsoft Chakra Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Chakra.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0860

    34947: HTTP: Microsoft Chakra Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Chakra.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0861

    34948: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0862

    34949: HTTP: Microsoft Windows Win32k Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0685

    34951: HTTP: Microsoft Windows GDI Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0803

    34952: HTTP: Trend Micro Apex One & OfficeScan Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Trend Micro Apex One and OfficeScan.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-9489

    34953: ZDI-CAN-8293: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    34954: ZDI-CAN-8055: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    34955: ZDI-CAN-8036: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    34956: ZDI-CAN-8056: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    34957: ZDI-CAN-8058: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 0465: MS-SQL: xp_cmdshell Program Execution
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    3831: DNS: Phishing Subdomain Name Request
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3831: DNS: Possible Phishing Subdomain Name Request".
      - Description updated.
      - Detection logic updated.

    4804: HTTP: SQL Injection (Cookie Header)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    13720: TCP: Persistent Systems Client Automation Command Injection Vulnerability (ZDI-15-038)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category changed from "Exploits" to "Vulnerabilities".
      - Detection logic updated.

    19279: HTTP: WordPress Download Manager Code Execution
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 20422: HTTP: Adobe Flash Malicious File Download
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    24030: HTTP: Microsoft Windows OleLoadPicture Memory Corruption Vulnerability (ZDI-16-181)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    30702: FTP: ProFTPD mod_copy Authentication Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33190: HTTP: LAquis SCADA LQS File Parsing Use-After-Free Vulnerability (ZDI-19-056)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33190: ZDI-CAN-6452: Zero Day Initiative Vulnerability (LAquis SCADA)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33281: HTTP: LAquis SCADA LGX Report Parsing Out-Of-Bounds Write Vulnerability (ZDI-19-057)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33281: ZDI-CAN-6490: Zero Day Initiative Vulnerability (LAquis SCADA)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33478: HTTP: Oracle Java SE jnlp jnlps Directory Traversal Vulnerability (ZDI-19-033)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33478: ZDI-CAN-7151: Zero Day Initiative Vulnerability (Oracle Java)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33513: HTTP: Drupal Core phar stream wrapper Insecure Deserialization Vulnerability (ZDI-19-130)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33513: HTTP: Drupal Phar File Parsing Deserialization Vulnerability (ZDI-19-130)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33661: HTTP: OMRON CX-One CX-Protocol CObject Type Confusion Vulnerability (ZDI-19-120)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33661: ZDI-CAN-6587: Zero Day Initiative Vulnerability (OMRON CX-One)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33662: HTTP: OMRON CX-Supervisor SCS File Parsing Use-After-Free Vulnerability (ZDI-19-176)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33662: ZDI-CAN-6698: Zero Day Initiative Vulnerability (OMRON CX-Supervisor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33671: HTTP: Foxit Reader XFA remerge Use-After-Free Vulnerability (ZDI-19-133)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33671: ZDI-CAN-7347: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33971: HTTP: Foxit Reader JavaScript popUpMenu Use-After-Free Vulnerability (ZDI-19-136)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33971: ZDI-CAN-7368: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34042: HTTP: Microsoft Internet Explorer Property Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34042: ZDI-CAN-7757: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34568: DHCP: Microsoft Windows DHCP Server Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34568: DHCP: Microsoft Windows DHCP Server Code Execution Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 34693: HTTP: Microsoft Internet Explorer VBScript Engine VbsErase Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34693: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34784: ZDI-CAN-8005: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Detection logic updated.

    34786: ZDI-CAN-8149: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Detection logic updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 8546: Exploit: Shellcode Payload
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    * 25469: HTTP: HPE Intelligent Management Center FileDownloadServlet Information Disclosure (ZDI-17-165)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    26555: HTTP: Adobe Flash ATF EC2 Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    * 26563: HTTP: Adobe Flash FLV PreviousTagSize Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    * 27154: HTTP: Adobe Flash Video Decoder Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    27228: HTTP: HPE Intelligent Management Center dbman Opcode 10008 Command Injection (ZDI-17-340)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    27235: TCP: HPE Intelligent Management Center dbman Opcode 10004 Command Injection (ZDI-17-336)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    27239: TCP: HPE Intelligent Management Center dbman Opcode 10006 Command Injection (ZDI-17-339)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    27926: TELNET: Cisco IOS Cluster Management Protocol Code Execution Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    * 28287: HTTP: HPE Intelligent Management Center Insecure Deserialization (ZDI-17-831-33,ZDI-17-850-55)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    28896: HTTP: Quest NetVault Backup Server checksession Authentication Bypass Vulnerability (ZDI-18-006)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    * 29749: TCP: HPE Intelligent Management Center imcwlandm UserName Buffer Overflow Vulnerability (ZDI-17-317)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    * 30350: HTTP: IBM Informix OpenAdmin Tool welcomeService.php Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    * 31756: HTTP: Zoho ManageEngine Applications Manager Code Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    32667: FTP: FTPShell Client Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    32895: HTTP: Unrestricted PHP File Upload
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    33380: HTTP: jQuery Unrestricted PHP File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

  Removed Filters: None
      

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000129063