Digital Vaccine #9424

    • Updated: 17 Jun 2020
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9424      June 16, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.

Note: Customers with TP10 devices should perform a soft reboot of their IPS before installing the new DV to avoid a memory issue during the install.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9424.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9424.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 21
 Modified Filters (logic changes) - 26
 Modified Filters (metadata changes only) - 2
 Removed Filters - 0

Filters
----------------
 New Filters:
    34049: HTTP: Oracle E-Business Suite Advanced Outbound Telephony Calendar Cross-Site Scripting 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Oracle E-Business Suite.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-2852 CVSS 5.8
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    34775: ZDI-CAN-10640: Zero Day Initiative Vulnerability (Cisco RV340)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco RV340.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    34780: ZDI-CAN-10968: Zero Day Initiative Vulnerability (Oracle WebLogic Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Oracle WebLogic Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    34896: ZDI-CAN-11029: Zero Day Initiative Vulnerability (Laquis SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Laquis SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    34923: ZDI-CAN-11036: Zero Day Initiative Vulnerability (Microsoft Windows Media Foundation)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows Media Foundation.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    34924: ZDI-CAN-11041: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation TPEditor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    34926: LDAP: OpenLDAP slapd Nested Filter Stack Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a stack overflow vulnerability in OpenLDAP slapd.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-12243 CVSS 5.0
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: LDAP
      - Platform: Multi-Platform Server Application or Service

    34927: HTTP: WordPress Calculated Fields Form Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in WordPress Calculated Fields Form plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-7228 CVSS 3.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    34934: ZDI-CAN-11078: Zero Day Initiative Vulnerability (Eaton EASYSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton EASYSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    34942: ZDI-CAN-11080: Zero Day Initiative Vulnerability (Eaton EASYSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton EASYSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    34943: ZDI-CAN-11082: Zero Day Initiative Vulnerability (Eaton EASYSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton EASYSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    34963: ZDI-CAN-11083: Zero Day Initiative Vulnerability (Eaton EASYSoft)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton EASYSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35099: ZDI-CAN-11105: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35111: ZDI-CAN-11108: Zero Day Initiative Vulnerability (Trend Micro OfficeScan)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro OfficeScan.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35156: ZDI-CAN-11121: Zero Day Initiative Vulnerability (Microsoft JET Database)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35158: ZDI-CAN-11128: Zero Day Initiative Vulnerability (Microsoft JET Database)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35440: ZDI-CAN-11153: Zero Day Initiative Vulnerability (Microsoft JET Database)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35442: ZDI-CAN-11157: Zero Day Initiative Vulnerability (Microsoft Windows Media Foundation)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows Media Foundation.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35671: ZDI-CAN-10818: Zero Day Initiative Vulnerability (Oracle WebLogic Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Oracle WebLogic Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35673: ZDI-CAN-10907: Zero Day Initiative Vulnerability (Cisco RV340)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco RV340.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35833: HTTP: Apache Tomcat Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a deserialization vulnerability in Apache Tomcat.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-9484
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    19715: TCP: Java Management Extensions (JMX) JRMI Usage (ZDI-15-455)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "19715: TCP: VMware vCenter Server JMX RMI Usage (ZDI-15-455)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35296: RDP: Microsoft Remote Desktop Services Negotiation Request Without CredSSP (ATT&CK T1076)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    36144: HTTP: Cisco Data Center Network Manager getTokenInfo SQL Injection Vulnerability (ZDI-20-017)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    36276: HTTP: Foxit PhantomPDF text Field Object Use-After-Free Vulnerability (ZDI-20-202)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36276: ZDI-CAN-9400: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36473: HTTP: Foxit PhantomPDF AcroForm addWatermarkFromText Use-After-Free Vulnerability (ZDI-20-201)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36473: ZDI-CAN-9358: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36615: HTTP: Amazon Echo Show Integer Overflow Vulnerability (Pwn2Own ZDI-20-537)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36615: PWN2OWN ZDI-CAN-9644: Zero Day Initiative Vulnerability (Amazon Echo Show)".
      - Category changed from "Vulnerabilities" to "Exploits".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36643: HTTP: Foxit PhantomPDF ListBox Field Keystroke Use-After-Free Vulnerability (ZDI-19-912)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36643: ZDI-CAN-9081: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36675: HTTP: Foxit PhantomPDF Text Field Calculate Use-After-Free Vulnerability (ZDI-19-911)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36675: ZDI-CAN-9044: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36679: HTTP: Foxit PhantomPDF Signature Field OnFocus Use-After-Free Vulnerability (ZDI-19-910)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36679: ZDI-CAN-9091: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36706: HTTP: Foxit PhantomPDF fxhtml2pdf Use-After-Free Vulnerability (ZDI-20-211)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36706: ZDI-CAN-9560: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36730: HTTP: Foxit PhantomPDF AcroForm addWatermarkFromText Use-After-Free Vulnerability (ZDI-20-212)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36730: ZDI-CAN-9640: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37158: HTTP: Squid Proxy HTTP Request Processing Buffer Overflow
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    37200: RPC: Advantech WebAccess/SCADA BwWebSvc IOCTL 0x00013c71 SQL Injection Vulnerability (ZDI-20-613)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37200: ZDI-CAN-9882: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37209: RPC: Advantech WebAccess/SCADA BwWebSvc SQL Injection Vulnerability (ZDI-20-614)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37209: ZDI-CAN-9883: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37214: RPC: Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002723 Buffer Overflow Vulnerability (ZDI-20-603)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37214: ZDI-CAN-9897: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37243: HTTP: Microsoft Windows Media Player DTS Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-693)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37243: ZDI-CAN-10512: Zero Day Initiative Vulnerability (Microsoft Windows Media Player)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37322: HTTP: Foxit Reader XFA Template Use-After-Free Vulnerability (ZDI-20-527)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37322: ZDI-CAN-10132: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37335: HTTP: Microsoft Windows Media Foundation Out-Of-Bounds Write Vulnerability (ZDI-20-696)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37335: ZDI-CAN-10693: Zero Day Initiative Vulnerability (Microsoft Windows Media Foundation)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37351: HTTP: Foxit Reader AcroForm Use-After-Free Vulnerability (ZDI-20-528)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37351: ZDI-CAN-10142: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37353: HTTP: Eaton HMiSoft VU3 File Parsing wTextLen Stack-based Buffer Overflow Vulnerability (ZDI-20-471)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37353: ZDI-CAN-10145: Zero Day Initiative Vulnerability (Eaton HMiSoft)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37367: HTTP: Microsoft Windows Media Player mpg2splt Integer Underflow Vulnerability (ZDI-20-697)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37367: ZDI-CAN-10681: Zero Day Initiative Vulnerability (Microsoft Windows Media Player)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37368: HTTP: Microsoft Windows Media Foundation Out-Of-Bounds Write Vulnerability (ZDI-20-695)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37368: ZDI-CAN-10654: Zero Day Initiative Vulnerability (Microsoft Windows Media Foundation)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37392: HTTP: Foxit Reader resetForm Use-After-Free Vulnerability (ZDI-20-534)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37392: ZDI-CAN-10614: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37395: HTTP: Foxit Reader XFA Widget Use-After-Free Vulnerability (ZDI-20-535)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37395: ZDI-CAN-10650: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    37482: TCP: Memcached try_read_command_binary Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 37604: HTTP: Microsoft Chakra Intl Object Type Confusion Vulnerability (ZDI-20-698)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37604: ZDI-CAN-10788: Zero Day Initiative Vulnerability (Microsoft Chakra)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    36125: RDP: Microsoft Remote Desktop Services DVC Decompression size Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

  Removed Filters: None

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000256598