Digital Vaccine #9327

    • Updated: 11 Sep 2019
    • Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9327      September 10, 2019
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before September 10, 2019. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE            Filter   Status
CVE-2019-0787           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0788           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0928           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1138           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1142           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1208           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1209           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1214           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1215           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1216           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1217           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1219           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1220           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1221           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1231           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1232           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1233           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1235           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1236           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1237           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1240           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1241           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1242           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1243           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1244           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1245           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1246           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1247           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1248           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1249           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1250           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1251           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1252           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1253           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1254           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1256           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1257  *35794
CVE-2019-1259           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1260           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1261           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1262           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1263           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1264           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1265           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1266           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1267           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1268           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1269           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1270           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1271           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1272           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1273           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1274           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1277           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1280           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1282           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1283           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1284           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1285           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1286           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1287           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1289           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1290           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1291           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1292           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1293           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1294           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1295           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1296  *35793
CVE-2019-1297           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1298           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1299           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1300           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1301           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1302           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1303           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1305           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1306           Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9327.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9327.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 10
 Modified Filters (logic changes) - 26
 Modified Filters (metadata changes only) - 1
 Removed Filters - 0

Filters
----------------
 New Filters:
    36093: TCP: Redis HyperLogLog hllSparseToDense Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Redis HyperLogLog.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 109290
        - Common Vulnerabilities and Exposures: CVE-2019-10192
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Server Application or Service

    36101: RPC: Advantech WebAccess Client bwwebd Buffer Overflow Vulnerability (ZDI-19-317)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Advantech WebAccess.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 107675
        - Common Vulnerabilities and Exposures: CVE-2019-6550
        - Zero Day Initiative: ZDI-19-317
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: RPC Services
      - Platform: Other Server Application or Service

    36102: HTTP: Open-School Community Edition Cross-Site Scripting Vulnerability (CVE-2019-14696)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Open-School Community Edition.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-14696 CVSS 4.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    36103: RPC: Advantech WebAccess Client bwprtscr Buffer Overflow Vulnerability (ZDI-19-316)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Advantech WebAccess.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 107675
        - Common Vulnerabilities and Exposures: CVE-2019-6550
        - Zero Day Initiative: ZDI-19-316
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: RPC Services
      - Platform: Other Server Application or Service

    36104: RPC: Advantech WebAccess Client BwSyncDb Buffer Overflow Vulnerability (ZDI-19-319)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Advantech WebAccess.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 107675
        - Common Vulnerabilities and Exposures: CVE-2019-6550
        - Zero Day Initiative: ZDI-19-319
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: RPC Services
      - Platform: Other Server Application or Service

    36105: SIP: Digium Asterisk PJSIP In-Dialog MESSAGE Request Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Digium Asterisk.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 109136
        - Common Vulnerabilities and Exposures: CVE-2019-12827 CVSS 4.0
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: SIP (VOIP)
      - Platform: Multi-Platform Server Application or Service

    36106: ZDI-CAN-8937: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36111: HTTP: Apache httpd mod_remoteip Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Apache httpd.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-10097
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    36124: RDP: Microsoft Remote Desktop Services DVC Decompression Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Windows Remote Desktop Protocol.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1181
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: TCP (Generic)
      - Platform: Windows Server Application or Service

    36125: RDP: Microsoft Remote Desktop Services DVC Decompression size Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Windows Remote Desktop Protocol.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1182
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: TCP (Generic)
      - Platform: Windows Server Application or Service

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 33444: HTTP: HPE Intelligent Management Center devGroupSelect Expression Language Injection (ZDI-19-164)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33540: HTTP: HPE Intelligent Management Center ictExpertCSVDownload EL Injection Vulnerability (ZDI-19-264)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33540: ZDI-CAN-6759: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33560: HTTP: HPE Intelligent Management Center deviceSelect Expression Language Injection (ZDI-19-238)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33561: HTTP: HPE Intelligent Management Center Code Execution Vulnerability (ZDI-19-168)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33663: HTTP: HPE Intelligent Management Center Remote Code Execution Vulnerability (ZDI-19-266)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33665: HTTP: HPE Intelligent Management Center Remote Code Execution Vulnerability (ZDI-19-268)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33841: HTTP: HPE Intelligent Management Center Code Execution Vulnerability (ZDI-19-298)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33850: HTTP: HPE Intelligent Management Center Code Execution Vulnerability (ZDI-19-296)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33856: HTTP: HPE Intelligent Management Center Code Execution Vulnerability (ZDI-19-338)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33858: HTTP: HPE Intelligent Management Center Code Execution Vulnerability (ZDI-19-334)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33861: HTTP: HPE Intelligent Management Center iccSelectRules Code Execution Vulnerability (ZDI-19-295)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33878: HTTP: HPE Intelligent Management Center navigationTo Expression Language Injection (ZDI-19-341) 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33989: HTTP: HPE Intelligent Management Center iccSelectDevType Expression Language Injection (ZDI-19-452) 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33990: HTTP: HPE Intelligent Management Center AMF3 Code Execution Vulnerability (ZDI-19-457)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33990: ZDI-CAN-6807: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34084: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Out-Of-Bounds Read (ZDI-19-225)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34084: ZDI-CAN-7772: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34588: ZDI-CAN-6906,8957: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Name changed from "34588: ZDI-CAN-6906: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Detection logic updated.
      - Vulnerability references updated.

    34603: HTTP: Delta Industrial Automation CNCSoftScreenEditor wMessageLen Out-Of-Bounds Read (ZDI-19-411)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34603: ZDI-CAN-7827: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34604: HTTP: Delta Industrial Automation CNCSoft ScreenEditor wLanguageNameLen Buffer Overflow (ZDI-19-408)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34604: ZDI-CAN-7831: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35021: HTTP: Apple Safari ContextMenu Use-After-Free Vulnerability (ZDI-19-531)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35021: ZDI-CAN-7555: Zero Day Initiative Vulnerability (Apple Safari)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 35135: HTTP: Cisco RV110W/RV130W/RV215W Routers Management Interface Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    35624: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Buffer Overflow (ZDI-19-672)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35624: ZDI-CAN-8629: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35626: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Buffer Overflow (ZDI-19-673)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35626: ZDI-CAN-8633: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35628: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Out-Of-Bounds Read (ZDI-19-674)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35628: ZDI-CAN-8634: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35629: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Out-Of-Bounds Read (ZDI-19-675)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35629: ZDI-CAN-8648: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35793: HTTP: Microsoft SharePoint Business Data Connectivity Service Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35793: ZDI-CAN-8161: Zero Day Initiative Vulnerability (Microsoft SharePoint)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35794: HTTP: Microsoft SharePoint Business Data Connectivity Service Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35794: ZDI-CAN-8159: Zero Day Initiative Vulnerability (Microsoft SharePoint)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    35748: HTTP: Adobe PostScript Type-1 Font Object Instantiation
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

  Removed Filters: None
      

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000146850