Digital Vaccine #9419

    • Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9419      May 26, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.

Note: Customers with TP10 devices should perform a soft reboot of their IPS before installing the new DV to avoid a memory issue during the install.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9419.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9419.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 11
 Modified Filters (logic changes) - 29
 Modified Filters (metadata changes only) - 14
 Removed Filters - 0

Filters
----------------
 New Filters:
    28090: ZDI-CAN-10965: Zero Day Initiative Vulnerability (Oracle Java Runtime Environment)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Oracle Java Runtime Environment.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    28091: HTTP: Symantec Web Gateway Postauth Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Symantec Web Gateway.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service

    28308: HTTP: Opmantek Open-AudIT m_discoveries.php Command Injection Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Opmantek Open-AudIT.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-11941 CVSS 6.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    28314: HTTP: Cisco UCS Director MyCallable Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cisco UCS Director.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3251 CVSS 9.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    28319: TCP: Oracle WebLogic CVE-2020-2963 Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Oracle WebLogic.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-2963 CVSS 6.5
      - Classification: Vulnerability - Other
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Server Application or Service

    28321: HTTP: Oracle E-Business Suite Human Resources SQL Injection Vulnerability (ZDI-20-502)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle E-Business Suite.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-2882 CVSS 5.5
        - Zero Day Initiative: ZDI-20-502
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    28555: ZDI-CAN-10740: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    28655: ZDI-CAN-9852: Zero Day Initiative Vulnerability (NETGEAR Routers)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting multiple NETGEAR routers.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    28976: HTTP: Cisco IP Phone Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Cisco IP Phone.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3161
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    29627: DNS: ISC BIND TSIG Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in ISC BIND.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-8617
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: DNS
      - Platform: Multi-Platform Server Application or Service

    37407: ZDI-CAN-10709,ZDI-CAN-10710: Zero Day Initiative Vulnerability (VEEM One Agent)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting VEEM One Agent.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    22622: HTTP: ThinkPHP Framework Code Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    34586: HTTP: HPE IMC Expression Language Injection Vulnerability (ZDI-19-525, ZDI-20-177, ZDI-20-179)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34586: HTTP: HPE Intelligent Management Center operationSelect Expression Language Injection (ZDI-19-525)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34587: HTTP: HPE IMC Expression Language Injection Vulnerability (ZDI-19-526, ZDI-20-153)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34587: HTTP: HPE Intelligent Management Center devSoftSel Expression Language Injection (ZDI-19-526)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34922: HTTP: Foxit Reader AcroForm richValue Use-After-Free Vulnerability (ZDI-19-447)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34922: ZDI-CAN-8272: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35025: HTTP: Apple Safari BreakingContext Out-Of-Bounds Read Vulnerability (ZDI-19-529)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35025: ZDI-CAN-7600: Zero Day Initiative Vulnerability (Apple Safari)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35041: HTTP: Phoenix Contact Automationworx BCP File Parsing Use-After-Free Vulnerability (ZDI-19-576)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35041: ZDI-CAN-7785: Zero Day Initiative Vulnerability (Phoenix Contact Automationworx)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 35115: HTTP: Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-716)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35115: ZDI-CAN-8313: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36660: TCP: MikroTik RouterOS WinBox Authentication Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    36905: HTTP: IBM Spectrum Protect Plus uploadHttpsCertificate Command Injection Vulnerability (ZDI-20-348)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36905: ZDI-CAN-9957,9958: Zero Day Initiative Vulnerability (IBM Spectrum Protect Plus)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36906: HTTP: IBM Spectrum Protect Plus changeAdministratorPassword Command Injection (ZDI-20-274)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36906: ZDI-CAN-9956: Zero Day Initiative Vulnerability (IBM Spectrum Protect Plus)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36907: HTTP: IBM Spectrum Protect Plus hostname Command Injection Vulnerability (ZDI-20-273)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36907: ZDI-CAN-9955: Zero Day Initiative Vulnerability (IBM Spectrum Protect Plus)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36913: HTTP: IBM Spectrum Protect Plus hfpackage Command Injection Vulnerability (ZDI-20-272)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36913: ZDI-CAN-9954: Zero Day Initiative Vulnerability (IBM Spectrum Protect Plus)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36914: HTTP: IBM Spectrum Protect Plus uploadHttpsCertificate Directory Traversal Vulnerability(ZDI-20-345)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36914: ZDI-CAN-9951,9952: Zero Day Initiative Vulnerability (IBM Spectrum Protect Plus)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36915: HTTP: IBM Spectrum Protect Plus plugin Directory Traversal Vulnerability (ZDI-20-349)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36915: ZDI-CAN-9950: Zero Day Initiative Vulnerability (IBM Spectrum Protect Plus)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36916: HTTP: IBM Spectrum Protect Plus cleanupUpdateImage Arbitrary Directory Deletion (ZDI-20-343)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36916: ZDI-CAN-9949: Zero Day Initiative Vulnerability (IBM Spectrum Protect Plus)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37156: HTTP: IBM Spectrum Protect Plus username Command Injection Vulnerability (ZDI-20-270)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37156: ZDI-CAN-9750: Zero Day Initiative Vulnerability (IBM Spectrum Protect Plus)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37168: HTTP: IBM Spectrum Protect Plus password Command Injection Vulnerability (ZDI-20-271)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37168: ZDI-CAN-9752: Zero Day Initiative Vulnerability (IBM Spectrum Protect Plus)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37175: HTTP: Advantech WebAccess/NMS DBUtil SQL Injection Vulnerability (ZDI-20-415)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37175: ZDI-CAN-9775: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37176: HTTP: Advantech WebAccess/NMS DBUtil SQL Injection Vulnerability (ZDI-20-416)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37176: ZDI-CAN-9776: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37178: HTTP: Advantech WebAccess/NMS DBUtil SQL Injection Vulnerability (ZDI-20-417)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37178: ZDI-CAN-9777: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37179: HTTP: Advantech WebAccess/NMS DBUtil SQL Injection Vulnerability (ZDI-20-418)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37179: ZDI-CAN-9778: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37180: HTTP: Advantech WebAccess/NMS DBUtil SQL Injection Vulnerability (ZDI-20-419)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37180: ZDI-CAN-9793: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37183: HTTP: Advantech WebAccess/NMS DBUtil SQL Injection Vulnerability (ZDI-20-425)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37183: ZDI-CAN-9804: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37191: HTTP: Advantech WebAccess/NMS DBUtil SQL Injection Vulnerability (ZDI-20-437)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37191: ZDI-CAN-9819: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37194: HTTP: Advantech WebAccess/NMS DBUtil SQL Injection Vulnerability (ZDI-20-442)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37194: ZDI-CAN-9824: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37196: HTTP: Advantech WebAccess/NMS addLinkMonitor SQL Injection Vulnerability (ZDI-20-445)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37196: ZDI-CAN-9827: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37254: HTTP: Microsoft Windows PDF Library DirectWrite Use-After-Free Vulnerability (ZDI-20-641)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37254: ZDI-CAN-10381: Zero Day Initiative Vulnerability (Microsoft Windows PDF Library)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37308: HTTP: Oracle Business Intelligence BIRemotingServlet AMF Insecure Deserialization (ZDI-20-505)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37308: ZDI-CAN-9334: Zero Day Initiative Vulnerability (Oracle Business Intelligence)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37612: HTTP: Microsoft Windows EMR_SETDIBITSTODEVICE Out-Of-Bounds Read Vulnerability (ZDI-20-647)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37612: HTTP: Microsoft Windows EMR_SETDIBITSTODEVICE Out-Of-Bounds Read Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    29657: RPC: Advantech WebAccess Malicious IOCTL(ZDI-17-938-940,ZDI-18-009-025,18-029-054,18-058-063,18-483)
      - IPS Version: 3.2.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    35097: RPC: Advantech WebAccess Node bwscrp Buffer Overflow Vulnerability (ZDI-19-594, ZDI-20-632)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35097: RPC: Advantech WebAccess Node bwscrp Buffer Overflow Vulnerability (ZDI-19-594)".
      - Description updated.
      - Vulnerability references updated.

    36897: HTTP: Microsoft Windows JET Database Engine Memory Corruption Vulnerability (ZDI-20-637)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36897: HTTP: Microsoft Windows JET Database Engine Memory Corruption Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    36900: HTTP: Microsoft JET Database Engine Memory Corruption Vulnerability (ZDI-20-636)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36900: HTTP: Microsoft JET Database Engine Memory Corruption Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    36901: HTTP: Microsoft Windows JET Database Engine Memory Corruption Vulnerability (ZDI-20-638)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36901: HTTP: Microsoft Windows JET Database Engine Memory Corruption Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    * 36976: HTTP: Microsoft Internet Explorer CWMPErrorDlg Use-After-Free Vulnerability (ZDI-20-639)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36976: HTTP: Microsoft Internet Explorer CWMPErrorDlg Use-After-Free Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    37035: HTTP: Microsoft SharePoint Shared Forms Security Bypass Vulnerability (ZDI-20-648)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37035: HTTP: Microsoft SharePoint Shared Forms Security Bypass Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    37051: HTTP: Microsoft Windows JET Database Engine Memory Corruption Vulnerability (ZDI-20-640)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37051: HTTP: Microsoft Windows JET Database Engine Memory Corruption Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    37245: HTTP: Microsoft Windows Media Player HEVC Parsing Buffer Overflow Vulnerability (ZDI-20-642)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37245: HTTP: Microsoft Windows Media Player HEVC Stream Parsing Buffer Overflow Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    37334: HTTP: Adobe Acrobat Reader DC JPEG File Parsing Out-Of-Bounds Write Vulnerability (ZDI-20-652)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37334: HTTP: Adobe Acrobat Reader DC JPEG File Parsing Out-Of-Bounds Write Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    37377: HTTP: Microsoft Windows Media Player HEVC Parsing Out-Of-Bounds Write Vulnerability (ZDI-20-643)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37377: HTTP: Microsoft Windows Media Player HEVC Stream Parsing Out-Of-Bounds Write Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    37378: HTTP: Microsoft Windows Media Player HEVC Parsing Out-Of-Bounds Write Vulnerability (ZDI-20-644)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37378: HTTP: Microsoft Windows Media Player HEVC Stream Parsing Out-Of-Bounds Write Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    37422: HTTP: Adobe Reader Field Use-After-Free Vulnerability (Pwn2Own ZDI-20-651)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37422: HTTP: Adobe Reader Field Use-After-Free Vulnerability (Pwn2Own)".
      - Description updated.
      - Vulnerability references updated.

    37595: HTTP: Adobe Acrobat Reader DC JPEG2000 Buffer Overflow Vulnerability (ZDI-20-653)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37595: HTTP: Adobe Acrobat Reader DC JPEG2000 Buffer Overflow Vulnerability".
      - Description updated.
      - Vulnerability references updated.

  Removed Filters: None
  
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000253944