Summary
Digital Vaccine #9269 April 23, 2019
Details
| Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update. |
| System Requirements |
| The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters. |
| The Digital Vaccine can be manually downloaded from the following URLs: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9269.pkg https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9269.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters - 13
Modified Filters (logic changes) - 11
Modified Filters (metadata changes only) - 4
Removed Filters - 0
Filters
----------------
New Filters:
34381: HTTP: Adobe Flash Player MovieClip.swapDepths Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2016-0997
34589: HTTP: Adobe Flash Player MovieClip.swapDepths Use-After-Free Vulnerability (Upload)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2016-0997
35000: HTTP: Microsoft Windows Uniscribe Font Processing Multiple Out-of-Bounds Read Vulnerabilities
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Windows.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2017-0083, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128
- Microsoft Security Bulletin: MS17-011
35003: HTTP: Microsoft Windows Uniscribe Font Processing Multiple Out-of-Bounds Read Vulnerabilities
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Windows.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2017-0083, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128
- Microsoft Security Bulletin: MS17-011
35004: HTTP: Microsoft Windows Uniscribe Font Processing Multiple Out-of-Bounds Read Vulnerabilities
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Windows.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2017-0083, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128
- Microsoft Security Bulletin: MS17-011
35015: HTTP: Adobe Acrobat JPEG2000 Palette Box Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects the download of a PDF file with an embedded JPEG2000 stream.
- Deployment: Not enabled by default in any deployment.
- References:
- Bugtraq ID: 104167
- Common Vulnerabilities and Exposures: CVE-2018-4990
35017: TLS: Facebook Fizz TLS 1.3 Early Data Integer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an integer overflow vulnerability in Facebook Fizz.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2019-3560
35019: HTTP: Microsoft Windows Uniscribe Font Processing Multiple Out-of-Bounds Read Vulnerabilities
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Windows.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2017-0083, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128
- Microsoft Security Bulletin: MS17-011
35020: HTTP: Microsoft Windows Uniscribe Font Processing Multiple Out-of-Bounds Read Vulnerabilities
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Windows.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2017-0083, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128
- Microsoft Security Bulletin: MS17-011
35021: ZDI-CAN-7555: Zero Day Initiative Vulnerability (Apple Safari)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apple Safari.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
35022: ZOOM: Zoom Remote Desktop Control Access
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects an attempt to exploit remote desktop control access by using Zoom Video Communications.
- Deployment: Not enabled by default in any deployment.
35023: HTTP: Oracle E-Business Suite iesfootprint SQL Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle E-Business Suite.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-3549
35035: HTTP: ConnectWise Control Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects the requests sent from ConnectWise Control center panel.
- Deployment: Not enabled by default in any deployment.
Modified Filters (logic changes):
* = Enabled in Default deployments
* 16686: HTTP: BlazeVideo BlazeDVD Pro PLF File Processing Buffer Overflow Vulnerability
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
16892: HTTP: Drupal Core SQL Injection Vulnerability
- IPS Version: 3.2.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 30345: HTTP: Microsoft Chakra Javascript __proto__ JIT Optimization Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
31591: HTTP: Adobe Acrobat JPEG2000 Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
32877: DNS: ISC BIND deny-answer-aliases Assertion Failure Denial-of-Service Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
34248: HTTP: Suspicious JavaScript Split Reverse Join Function Calls
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
34699: HTTP: Microsoft Internet Explorer MSHTML Security Bypass Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category changed from "Exploits" to "Vulnerabilities".
- Detection logic updated.
- Vulnerability references updated.
- Deployments updated and are now:
- Deployment: Security-Optimized (Block / Notify)
34901: ZDI-CAN-7273,7286-7292: Zero Day Initiative Vulnerability (Belkin SuperTask)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Name changed from "34901: ZDI-CAN-7273: Zero Day Initiative Vulnerability (Belkin SuperTask)".
- Detection logic updated.
- Vulnerability references updated.
34902: ZDI-CAN-7274,7278: Zero Day Initiative Vulnerability (Belkin SuperTask)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Name changed from "34902: ZDI-CAN-7274: Zero Day Initiative Vulnerability (Belkin SuperTask)".
- Detection logic updated.
- Vulnerability references updated.
34903: ZDI-CAN-7275,7277,7283: Zero Day Initiative Vulnerability (Belkin SuperTask)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Name changed from "34903: ZDI-CAN-7275: Zero Day Initiative Vulnerability (Belkin SuperTask)".
- Detection logic updated.
- Vulnerability references updated.
35018: HTTP: Apache Tomcat Remote Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "35018: HTTP: Apache Tomcat Remote Code Execution on Windows".
- Description updated.
- Detection logic updated.
Modified Filters (metadata changes only):
* = Enabled in Default deployments
34042: HTTP: Microsoft Internet Explorer Property Type Confusion Vulnerability (ZDI-19-359)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "34042: HTTP: Microsoft Internet Explorer Property Type Confusion Vulnerability".
- Description updated.
- Vulnerability references updated.
* 34716: HTTP: Microsoft Windows Chakra Scripting Engine Memory Corruption Vulnerability (ZDI-19-361)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "34716: HTTP: Microsoft Windows Chakra Scripting Engine Memory Corruption Vulnerability".
- Description updated.
- Vulnerability references updated.
34831: HTTP: Microsoft Windows EMF File Uninitialized Pointer Vulnerability (ZDI-19-362)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "34831: HTTP: Microsoft Windows EMF File Uninitialized Pointer Vulnerability".
- Description updated.
- Vulnerability references updated.
34832: HTTP: Microsoft Windows EMF File Uninitialized Pointer Vulnerability (ZDI-19-363)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "34832: HTTP: Microsoft Windows EMF File Uninitialized Pointer Vulnerability".
- Description updated.
- Vulnerability references updated.
Removed Filters: None
Top of the Page
