Summary
Digital Vaccine #9424 June 16, 2020
Details
| Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update. Note: Customers with TP10 devices should perform a soft reboot of their IPS before installing the new DV to avoid a memory issue during the install. |
| System Requirements |
| The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters. |
| The Digital Vaccine can be manually downloaded from the following URLs: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9424.pkg https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9424.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters - 21
Modified Filters (logic changes) - 26
Modified Filters (metadata changes only) - 2
Removed Filters - 0
Filters
----------------
New Filters:
34049: HTTP: Oracle E-Business Suite Advanced Outbound Telephony Calendar Cross-Site Scripting
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Oracle E-Business Suite.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-2852 CVSS 5.8
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
34775: ZDI-CAN-10640: Zero Day Initiative Vulnerability (Cisco RV340)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco RV340.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
34780: ZDI-CAN-10968: Zero Day Initiative Vulnerability (Oracle WebLogic Server)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Oracle WebLogic Server.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
34896: ZDI-CAN-11029: Zero Day Initiative Vulnerability (Laquis SCADA)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Laquis SCADA.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
34923: ZDI-CAN-11036: Zero Day Initiative Vulnerability (Microsoft Windows Media Foundation)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows Media Foundation.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
34924: ZDI-CAN-11041: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation TPEditor.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
34926: LDAP: OpenLDAP slapd Nested Filter Stack Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a stack overflow vulnerability in OpenLDAP slapd.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-12243 CVSS 5.0
- Classification: Vulnerability - Denial of Service (Crash/Reboot)
- Protocol: LDAP
- Platform: Multi-Platform Server Application or Service
34927: HTTP: WordPress Calculated Fields Form Cross-Site Scripting Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in WordPress Calculated Fields Form plugin.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-7228 CVSS 3.5
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
34934: ZDI-CAN-11078: Zero Day Initiative Vulnerability (Eaton EASYSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton EASYSoft.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
34942: ZDI-CAN-11080: Zero Day Initiative Vulnerability (Eaton EASYSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton EASYSoft.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
34943: ZDI-CAN-11082: Zero Day Initiative Vulnerability (Eaton EASYSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton EASYSoft.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
34963: ZDI-CAN-11083: Zero Day Initiative Vulnerability (Eaton EASYSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Eaton EASYSoft.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
35099: ZDI-CAN-11105: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
35111: ZDI-CAN-11108: Zero Day Initiative Vulnerability (Trend Micro OfficeScan)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro OfficeScan.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
35156: ZDI-CAN-11121: Zero Day Initiative Vulnerability (Microsoft JET Database)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
35158: ZDI-CAN-11128: Zero Day Initiative Vulnerability (Microsoft JET Database)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
35440: ZDI-CAN-11153: Zero Day Initiative Vulnerability (Microsoft JET Database)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
35442: ZDI-CAN-11157: Zero Day Initiative Vulnerability (Microsoft Windows Media Foundation)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows Media Foundation.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
35671: ZDI-CAN-10818: Zero Day Initiative Vulnerability (Oracle WebLogic Server)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Oracle WebLogic Server.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
35673: ZDI-CAN-10907: Zero Day Initiative Vulnerability (Cisco RV340)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco RV340.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
35833: HTTP: Apache Tomcat Deserialization Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a deserialization vulnerability in Apache Tomcat.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-9484
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
Modified Filters (logic changes):
* = Enabled in Default deployments
19715: TCP: Java Management Extensions (JMX) JRMI Usage (ZDI-15-455)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "19715: TCP: VMware vCenter Server JMX RMI Usage (ZDI-15-455)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
35296: RDP: Microsoft Remote Desktop Services Negotiation Request Without CredSSP (ATT&CK T1076)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
36144: HTTP: Cisco Data Center Network Manager getTokenInfo SQL Injection Vulnerability (ZDI-20-017)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
36276: HTTP: Foxit PhantomPDF text Field Object Use-After-Free Vulnerability (ZDI-20-202)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36276: ZDI-CAN-9400: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36473: HTTP: Foxit PhantomPDF AcroForm addWatermarkFromText Use-After-Free Vulnerability (ZDI-20-201)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36473: ZDI-CAN-9358: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36615: HTTP: Amazon Echo Show Integer Overflow Vulnerability (Pwn2Own ZDI-20-537)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36615: PWN2OWN ZDI-CAN-9644: Zero Day Initiative Vulnerability (Amazon Echo Show)".
- Category changed from "Vulnerabilities" to "Exploits".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36643: HTTP: Foxit PhantomPDF ListBox Field Keystroke Use-After-Free Vulnerability (ZDI-19-912)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36643: ZDI-CAN-9081: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36675: HTTP: Foxit PhantomPDF Text Field Calculate Use-After-Free Vulnerability (ZDI-19-911)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36675: ZDI-CAN-9044: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36679: HTTP: Foxit PhantomPDF Signature Field OnFocus Use-After-Free Vulnerability (ZDI-19-910)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36679: ZDI-CAN-9091: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36706: HTTP: Foxit PhantomPDF fxhtml2pdf Use-After-Free Vulnerability (ZDI-20-211)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36706: ZDI-CAN-9560: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36730: HTTP: Foxit PhantomPDF AcroForm addWatermarkFromText Use-After-Free Vulnerability (ZDI-20-212)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36730: ZDI-CAN-9640: Zero Day Initiative Vulnerability (Foxit PhantomPDF)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
37158: HTTP: Squid Proxy HTTP Request Processing Buffer Overflow
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
37200: RPC: Advantech WebAccess/SCADA BwWebSvc IOCTL 0x00013c71 SQL Injection Vulnerability (ZDI-20-613)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37200: ZDI-CAN-9882: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
37209: RPC: Advantech WebAccess/SCADA BwWebSvc SQL Injection Vulnerability (ZDI-20-614)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37209: ZDI-CAN-9883: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
37214: RPC: Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002723 Buffer Overflow Vulnerability (ZDI-20-603)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37214: ZDI-CAN-9897: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
37243: HTTP: Microsoft Windows Media Player DTS Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-693)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37243: ZDI-CAN-10512: Zero Day Initiative Vulnerability (Microsoft Windows Media Player)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
37322: HTTP: Foxit Reader XFA Template Use-After-Free Vulnerability (ZDI-20-527)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37322: ZDI-CAN-10132: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
37335: HTTP: Microsoft Windows Media Foundation Out-Of-Bounds Write Vulnerability (ZDI-20-696)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37335: ZDI-CAN-10693: Zero Day Initiative Vulnerability (Microsoft Windows Media Foundation)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
37351: HTTP: Foxit Reader AcroForm Use-After-Free Vulnerability (ZDI-20-528)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37351: ZDI-CAN-10142: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
37353: HTTP: Eaton HMiSoft VU3 File Parsing wTextLen Stack-based Buffer Overflow Vulnerability (ZDI-20-471)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37353: ZDI-CAN-10145: Zero Day Initiative Vulnerability (Eaton HMiSoft)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
37367: HTTP: Microsoft Windows Media Player mpg2splt Integer Underflow Vulnerability (ZDI-20-697)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37367: ZDI-CAN-10681: Zero Day Initiative Vulnerability (Microsoft Windows Media Player)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
37368: HTTP: Microsoft Windows Media Foundation Out-Of-Bounds Write Vulnerability (ZDI-20-695)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37368: ZDI-CAN-10654: Zero Day Initiative Vulnerability (Microsoft Windows Media Foundation)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
37392: HTTP: Foxit Reader resetForm Use-After-Free Vulnerability (ZDI-20-534)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37392: ZDI-CAN-10614: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
37395: HTTP: Foxit Reader XFA Widget Use-After-Free Vulnerability (ZDI-20-535)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37395: ZDI-CAN-10650: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
37482: TCP: Memcached try_read_command_binary Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 37604: HTTP: Microsoft Chakra Intl Object Type Confusion Vulnerability (ZDI-20-698)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37604: ZDI-CAN-10788: Zero Day Initiative Vulnerability (Microsoft Chakra)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
Modified Filters (metadata changes only):
* = Enabled in Default deployments
24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Vulnerability references updated.
36125: RDP: Microsoft Remote Desktop Services DVC Decompression size Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
Removed Filters: None
Top of the Page
