Digital Vaccine #9562

    • Updated: 28 Jul 2021
    • Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9562, July 28, 2021
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.

The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9562.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9562.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 13
 Modified Filters (logic changes) - 22
 Modified Filters (metadata changes only) - 2
 Removed Filters - 1

Filters
----------------
  New Filters: 

    39931: ZDI-CAN-13512: Zero Day Initiative Vulnerability (NETGEAR R6260)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Netgear R6260.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: July 27, 2021

    39980: ZDI-CAN-14039: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Fatek Automation WinProladder.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: July 27, 2021

    39981: ZDI-CAN-13917: Zero Day Initiative Vulnerability (WECON PLC Editor)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting WECON PLC Editor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: July 27, 2021

    40013: HTTP: PHP array_map Usage
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of the PHP method array_map.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: July 27, 2021

    40014: HTTP: Adobe Acrobat embedDocAsDataObject Type Confusion Vulnerability (ZDI-21-810)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Adobe Acrobat.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-28643
        - Zero Day Initiative: ZDI-21-810
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: July 27, 2021

    40015: HTTP: Jenkins Generic Webhook Trigger Plugin External Entity Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an external entity injection vulnerability in Jenkins Generic Webhook Trigger Plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21669 CVSS 7.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: July 27, 2021

    40017: HTTP: WordPress Modern Events Calendar Lite Plugin File Export Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of the Modern Events Calendar Lite plugin for exporting CSV and XML files.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-24146
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: July 27, 2021

    40018: ZDI-CAN-14198: Zero Day Initiative Vulnerability (Microsoft Word)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Word.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: July 27, 2021

    40019: ZDI-CAN-14056: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise iLO)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise iLO.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: July 27, 2021

    40023: HTTP: WordPress Modern Events Calendar Lite Plugin File Import Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of the Modern Events Calendar Lite plugin for importing files.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-24145
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: July 27, 2021

    40024: HTTP: WordPress XCloner Plugin xcloner_action Usage
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of the xcloner_action in the WordPress XCloner plugin.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-35948
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: July 27, 2021

    40025: ZDI-CAN-14203: Zero Day Initiative Vulnerability (Microsoft Word)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Word.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: July 27, 2021

    40036: RPC: Microsoft Windows EfsRpcOpenFileRaw Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an EfsRpcOpenFileRaw request using the Encrypting File System Remote (EFSRPC) protocol.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: MS-RPC
      - Platform: Windows Server Application or Service
      - Release Date: July 27, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    27133: HTTP: Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 21, 2017
      - Last Modified Date: July 27, 2021

    38528: HTTP: Advantech iView CommandServlet Directory Traversal Vulnerability (ZDI-21-189)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 08, 2020
      - Last Modified Date: July 27, 2021

    39083: HTTP: Phoenix Contact Automationworx BCP File Parsing Memory Corruption Vulnerability (ZDI-21-782)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39083: ZDI-CAN-13134: Zero Day Initiative Vulnerability (Phoenix Contact Automationworx)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 16, 2021
      - Last Modified Date: July 27, 2021

    * 39085: HTTP: Apple WebKit KeyframeEffect Use-After-Free Vulnerability (ZDI-21-761)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39085: ZDI-CAN-12579: Zero Day Initiative Vulnerability (Apple WebKit)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 16, 2021
      - Last Modified Date: July 27, 2021

    39087: HTTP: Autodesk Design Review PDF File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-777)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39087: ZDI-CAN-12984: Zero Day Initiative Vulnerability (AutoDesk Design Review)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 16, 2021
      - Last Modified Date: July 27, 2021

    39089: HTTP: Advantech WebAccess Node Stack-based Buffer Overflow Vulnerability (ZDI-21-778, ZDI-21-779)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39089: ZDI-CAN-13038,ZDI-CAN-13039: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 16, 2021
      - Last Modified Date: July 27, 2021

    39344: HTTP: Trend Micro Password Manager Exposed Dangerous Function Vulnerability (ZDI-21-774)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39344: ZDI-CAN-13363: Zero Day Initiative Vulnerability (Trend Micro Password Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 30, 2021
      - Last Modified Date: July 27, 2021

    39378: HTTP: Autodesk Design Review DWFX File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-775)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39378: ZDI-CAN-12953: Zero Day Initiative Vulnerability (AutoDesk Design Review)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 30, 2021
      - Last Modified Date: July 27, 2021

    39379: HTTP: Autodesk Design Review DWF File Parsing Memory Corruption Vulnerability (ZDI-21-776)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39379: ZDI-CAN-12954: Zero Day Initiative Vulnerability (AutoDesk Design Review)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 30, 2021
      - Last Modified Date: July 27, 2021

    39405: HTTP: Microsoft SharePoint SetVariableActivity Insecure Deserialization Vulnerability (ZDI-21-828)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39405: ZDI-CAN-13358: Zero Day Initiative Vulnerability (Microsoft SharePoint)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 06, 2021
      - Last Modified Date: July 27, 2021

    39447: HTTP: Autodesk Design Review TIF File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-750)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39447: ZDI-CAN-13322: Zero Day Initiative Vulnerability (AutoDesk Design Review)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 06, 2021
      - Last Modified Date: July 27, 2021

    39522: HTTP: Microsoft Exchange Server Autodiscover SSRF Vulnerability (PWN2OWN ZDI-21-821)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39522: PWN2OWN ZDI-CAN-13611: Zero Day Initiative Vulnerability (Microsoft Exchange)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 08, 2021
      - Last Modified Date: July 27, 2021

    39527: HTTP: Microsoft Teams ElectronJS Frame Redirect Vulnerability (Pwn2Own ZDI-21-771,772)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39527: PWN2OWN ZDI-CAN-13482,13612: Zero Day Initiative Vulnerability (Microsoft Teams)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 08, 2021
      - Last Modified Date: July 27, 2021

    39536: HTTP: Apple Safari Integer Overflow Vulnerability (Pwn2Own ZDI-21-769)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39536: PWN2OWN ZDI-CAN-13591: Zero Day Initiative Vulnerability (Apple Safari)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 08, 2021
      - Last Modified Date: July 27, 2021

    39606: HTTP: Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-805)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39606: ZDI-CAN-13448,ZDI-CAN-13555: Zero Day Initiative Vulnerability (Adobe FrameMaker)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 27, 2021
      - Last Modified Date: July 27, 2021

    39635: HTTP: Apache Tapestry ClasspathAssetRequestHandler Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39635: HTTP: Apache Tapestry ClasspathAssetRequestHandler Information Disclosure".
      - Detection logic updated.
      - Release Date: May 04, 2021
      - Last Modified Date: July 27, 2021

    39680: HTTP: Adobe Acrobat Pro DC getAnnot Type Confusion Vulnerability (ZDI-21-811)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39680: ZDI-CAN-13556,13558: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 01, 2021
      - Last Modified Date: July 27, 2021

    39681: HTTP: Adobe Acrobat Reader DC AcroForm Use-After-Free Vulnerability (ZDI-21-806)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39681: ZDI-CAN-13549: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 11, 2021
      - Last Modified Date: July 27, 2021

    39682: HTTP: Adobe Acrobat Reader DC launchURL Use-After-Free Vulnerability (ZDI-21-807)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39682: ZDI-CAN-13550: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 11, 2021
      - Last Modified Date: July 27, 2021

    39734: HTTP: Adobe Acrobat Reader DC setAction Use-After-Free Vulnerability (ZDI-21-813)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39734: ZDI-CAN-13855: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 25, 2021
      - Last Modified Date: July 27, 2021

    39736: HTTP: Microsoft SharePoint CabUtility ExtractCab Directory Traversal Vulnerability (ZDI-21-829)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39736: ZDI-CAN-13584: Zero Day Initiative Vulnerability (Microsoft SharePoint)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 25, 2021
      - Last Modified Date: July 27, 2021

    39826: HTTP: Adobe Acrobat Reader DC PDF File Parsing Buffer Overflow Vulnerability (ZDI-21-812)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39826: ZDI-CAN-13766: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 08, 2021
      - Last Modified Date: July 27, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    37817: HTTP: Microsoft Windows CAB File Parsing Directory Traversal Vulnerability (PWN2OWN ZDI-21-826)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37817: HTTP: Microsoft Windows CAB File Parsing Directory Traversal Vulnerability".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: July 07, 2020
      - Last Modified Date: July 27, 2021

    * 39534: HTTP: Microsoft Exchange Server PowerShell Code Execution Vulnerability (Pwn2Own ZDI-21-822)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39534: PWN2OWN ZDI-CAN-13614: Zero Day Initiative Vulnerability (Microsoft Exchange)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: April 08, 2021
      - Last Modified Date: July 27, 2021

  Removed Filters:

    39997: TCP: Microsoft SharePoint Explicit Logon AutoDiscover Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Release Date: July 13, 2021
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000287853