Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9301

    • Updated:
    • 16 Jul 2019
    • Product/Version:
    • Platform:
Summary
Digital Vaccine #9301      July 9, 2019
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before July 09, 2019. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE #TippingPoint Filter #Status
CVE-2019-0785 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0811 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0865 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0880 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0887 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0962 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0966 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0975 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0999 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-100135658 
CVE-2019-100435659 
CVE-2019-1006 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1037 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1056 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1059 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-106235660 
CVE-2019-106335661 
CVE-2019-1067 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1068 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1071 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1072 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1073 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1074 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1075 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1076 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1077 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1079 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1082 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1083 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1084 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1085 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1086 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1087 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1088 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1089 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1090 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1091 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-109235666 
CVE-2019-1093*34980 
CVE-2019-1094*34985 
CVE-2019-1095*34983 
CVE-2019-1096 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1097*34954 
CVE-2019-1098*35172 
CVE-2019-1099*35171 
CVE-2019-1100*34955 
CVE-2019-1101*35307 
CVE-2019-1102*35095 
CVE-2019-110335667 
CVE-2019-110435668 
CVE-2019-110635669 
CVE-2019-110735670 
CVE-2019-1108 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1109 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1110*34253 
CVE-2019-1111*34216 
CVE-2019-1112*35398 
CVE-2019-1113 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1116*34957 
CVE-2019-1117 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1118 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1119 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1120 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1121 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1122 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1123 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1124 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1125 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1126 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1127 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1128 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1129 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1130 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1132 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1136 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1137 Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9301.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9301.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 46
 Modified Filters (logic changes) - 27
 Modified Filters (metadata changes only) - 3
 Removed Filters - 0

Filters
----------------
 New Filters:
    35638: HTTP: Webmin Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command execution vulnerability in Webmin.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 108790
        - Common Vulnerabilities and Exposures: CVE-2019-12840

    35652: RPC: Advantech WebAccess SCADA IOCTL 0x13C80 Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Advantech WebAccess SCADA.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-3954 CVSS 7.5

    35653: HTTP: Adobe Flash DuplicateMovieClip Use-After-Free Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-8412

    35654: HTTP: LibreNMS addhost Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code injection vulnerability in LibreNMS.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-20434 CVSS 10.0

    35655: HTTP: Adobe Flash Pre-Validated Bytecode Memory Corruption Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Flash.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-0303 CVSS 10.0

    35658: HTTP: Microsoft Internet Explorer Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1001

    35659: HTTP: Microsoft Windows Scripting Engine Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows Scripting Engine.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1004

    35660: HTTP: Microsoft Edge JIT Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1062

    35661: HTTP: Microsoft Internet Explorer Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1063

    35666: HTTP: Microsoft Edge Chakra Scripting Engine Out-of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1092

    35667: HTTP: Microsoft Edge JIT Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1103

    35668: HTTP: Microsoft Internet Explorer Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1104

    35669: HTTP: Microsoft Edge JIT Object.prototype Out-of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1106

    35670: HTTP: Microsoft Edge JIT Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1107

    35675: HTTP: Adobe Flash PCRE RegEx Engine Code Execution Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Adobe Flash.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-0329 CVSS 10.0

    35676: SMTP: GIF File Transfer
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Low
      - Description: This filter detects a GIF file transfer over SMTP.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-0135 CVSS 10.0

    35677: RPC: Advantech WebAccess SCADA IOCTL 10012 Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Advantech WebAccess SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-3953 CVSS 7.5

    35678: TCP: Oracle WebLogic UnknownMsgHeader External Entity Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an external entity injection vulnerability in Oracle WebLogic.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-2649 CVSS 5.0

    35679: HTTP: Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Zoho ManageEngine Netflow Analyzer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 108672
        - Common Vulnerabilities and Exposures: CVE-2019-12196 CVSS 7.5

    35680: HTTP: Adobe Flash Button.filters Type Confusion Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Adobe Flash.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-3077 CVSS 10.0

    35681: HTTP: Adobe Flash ShaderJob Memory Corruption Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects attempts to exploit a memory corruption vulnerability in Adobe Flash.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-3090 CVSS 10.0

    35682: HTTP: Adobe Flash TextFilter.filters Use-After-Free Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-3118 CVSS 10.0

    35683: HTTP: Adobe Flash User Shared Data Memory Corruption Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Flash.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-5125

    35684: HTTP: Adobe Flash SetSelection Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-8413

    35685: HTTP: Adobe Flash SetSelection Use-After-Free Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-8413

    35686: HTTP: Adobe Flash Shader Memory Corruption Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Flash.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2014-0515 CVSS 10.0

    35687: ZDI-CAN-8689: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    35688: ZDI-CAN-8732: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35689: ZDI-CAN-8746: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35690: ZDI-CAN-8747: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35691: ZDI-CAN-8765: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35692: ZDI-CAN-8781: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35694: ZDI-CAN-8788: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35695: ZDI-CAN-8794: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35696: ZDI-CAN-8795,8798: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35697: ZDI-CAN-8796,8797,8799: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35698: ZDI-CAN-8800: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35699: ZDI-CAN-8811: Zero Day Initiative Vulnerability (Microsoft Office Excel)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35700: ZDI-CAN-8816: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35701: ZDI-CAN-8817: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35702: ZDI-CAN-8818: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    35703: ZDI-CAN-8819: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35704: ZDI-CAN-8820: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35705: ZDI-CAN-8854: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35707: ZDI-CAN-8927: Zero Day Initiative Vulnerability (WECON PIStudio)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting WECON PIStudio.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35713: HTTP: Microsoft Outlook Webpage Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a security bypass vulnerability in Microsoft Outlook.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 101098
        - Common Vulnerabilities and Exposures: CVE-2017-11774 CVSS 6.8

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 0809: Telnet: Buffer Overflow Exploit
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 13922: HTTP: Adobe Flash Shader Memory Corruption Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "13922: HTTP: Adobe Flash Memory Corruption Vulnerability".
      - Detection logic updated.

    * 19517: HTTP: Adobe Flash PCRE RegEx Engine Code Execution Vulnerability 
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "19517: HTTP: Adobe Flash Malicious File Download".
      - Description updated.
      - Detection logic updated.

    * 19872: HTTP: Adobe Flash ShaderJob Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "19872: HTTP: Adobe Flash Malicious File Download".
      - Description updated.
      - Detection logic updated.

    * 19876: HTTP: Adobe Flash Button.filters Type Confusion Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "19876: HTTP: Adobe Flash Malicious File Download".
      - Description updated.
      - Detection logic updated.

    * 20099: HTTP: Adobe Flash TextFilter.filters Use-After-Free Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "20099: HTTP: Adobe Flash Malicious File Download".
      - Description updated.
      - Detection logic updated.

    * 20349: HTTP: Wavelink Emulation License Server Buffer Overflow Vulnerability (ZDI-15-245)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 20422: HTTP: Adobe Flash MovieClip.scrollRect Use-After-Free Vulnerability 
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "20422: HTTP: Adobe Flash Malicious File Download".
      - Description updated.
      - Detection logic updated.

    * 20444: HTTP: Adobe Flash User Shared Data Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "20444: HTTP: Adobe Flash Malicious File Download".
      - Severity changed from "High" to "Critical".
      - Description updated.
      - Detection logic updated.

    33281: HTTP: LAquis SCADA LGX Report Parsing Out-Of-Bounds Write Vulnerability (ZDI-19-057)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34216: HTTP: Microsoft Office Excel Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34216: ZDI-CAN-7605: Zero Day Initiative Vulnerability (Microsoft Office Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34253: HTTP: Microsoft Office Excel Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34253: ZDI-CAN-7749: Zero Day Initiative Vulnerability (Microsoft Office Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34899: HTTP: Adobe Flash MovieClip.scrollRect Use-After-Free Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34899: HTTP: Adobe Flash Player MovieClip Use-After-Free Vulnerability (Upload)".
      - Detection logic updated.

    * 34954: HTTP: Microsoft Windows DirectWrite Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34954: ZDI-CAN-8055: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 34955: HTTP: Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34955: ZDI-CAN-8036: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 34957: HTTP: Microsoft Windows gdiplus Font Parsing Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34957: ZDI-CAN-8058: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 34980: HTTP: Microsoft Windows gdiplus Font Parsing Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34980: ZDI-CAN-8034: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 34983: HTTP: Microsoft Windows DirectWrite Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34983: ZDI-CAN-8190: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34985: HTTP: Microsoft Windows gdiplus ConvertToEMFPlus Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34985: ZDI-CAN-8197: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35095: HTTP: Microsoft Windows gdiplus EMF Parsing Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35095: ZDI-CAN-8112: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35171: HTTP: Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35171: ZDI-CAN-8037: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35172: HTTP: Microsoft Windows gdiplus Font Parsing Integer Underflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35172: ZDI-CAN-8050: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35307: HTTP: Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35307: ZDI-CAN-8202: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35370: ZDI-CAN-8494: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Detection logic updated.

    35398: HTTP: Microsoft Office Excel Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35398: ZDI-CAN-8524: Zero Day Initiative Vulnerability (Microsoft Office Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35427: HTTP: Electronic Arts Origin Client URI Handler Code Execution Vulnerability (ZDI-19-574)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35427: ZDI-CAN-8686: Zero Day Initiative Vulnerability (Electronic Arts Origin)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35521: HTTP: Adobe ColdFusion CFFILE Upload Action Unrestricted File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    16609: HTTP: ManageEngine Applications Manager CommonAPIUtil getMGList groupId SQL Injection (ZDI-15-235)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    22310: SSH: Juniper ScreenOS SSH Login Attempt
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    22515: SMTP: IBM Domino Image File Parsing Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

  Removed Filters: None
      

Top of the Page
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000139658
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.