Update Details
Update #3074 (06/15/2018)
4 deprecated signatures:
| MEDIUM | FINGER:EXPLOIT:DOT-AT-HOST | FINGER: .@host Exploit | Removal Date: 07/16/2018 | Reason For Deprecation: This signature is for EOS products. |
| HIGH | HTTP:STC:DL:HELP-IMG-HEAP | HTTP: Microsoft Windows HLP File Handling Heap Buffer Overflow | Removal Date: 07/23/2018 | Reason For Deprecation: This signature is for EOS products. |
| MEDIUM | APP:TUN:TEREDO-INFO | APP: Windows Firewall Teredo Information Disclosure | Removal Date: 07/23/2018 | Reason For Deprecation: This signature is for EOS products. |
| CRITICAL | ICMP:EXPLOIT:MIP-ROUTE-OF | ICMP: Mobile IP Route Overflow | Removal Date: 07/23/2018 | Reason For Deprecation: This signature is for EOS products. |
Customers are suggested to remove the deprecated signatures from the IDP policy, if they are explicitly configured, other than Dynamic groups
6 new signatures:
| HIGH | HTTP:STC:CLSID:SCRRUN-FILE-ACT | HTTP: Microsoft Windows 10 Active-X Creation Deletion Issue |
| MEDIUM | SMTP:MUL-TAG-RTF-OBJ-1 | SMTP: Multiple comment tags used in embedded RTF object |
| HIGH | APP:MISC:GE-MDS-PULSENET-ID | APP: GE MDS PulseNET Remote Invocation Insecure Deserialization |
| HIGH | HTTP:STC:ADOBE:CVE-2018-4945-CE | HTTP: Adobe Flash Player CVE-2018-4945 Remote Code Execution |
| HIGH | HTTP:STC:ADOBE:CVE-2018-5001-CE | HTTP: Adobe Flash Player CVE-2018-5001 Remote Code Execution |
| HIGH | HTTP:STC:ADOBE:CVE-2018-5000-CE | HTTP: Adobe Flash Player CVE-2018-5000 Remote Code Execution |
Details of the signatures included within this bulletin:
HTTP:STC:CLSID:SCRRUN-FILE-ACT - HTTP: Microsoft Windows 10 Active-X Creation Deletion Issue
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Windows 10. Successful attack could to deletion, creation of folder and creation a text file.
Supported On:
isg-3.5.141652, idp-5.1.110161014, DI-Client, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
SMTP:MUL-TAG-RTF-OBJ-1 - SMTP: Multiple comment tags used in embedded RTF object
Severity: MEDIUM
Description:
This signature attempts to prevent java script obfuscation attempt in SMTP traffic.
Supported On:
isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
APP:MISC:GE-MDS-PULSENET-ID - APP: GE MDS PulseNET Remote Invocation Insecure Deserialization
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in GE MDS PulseNET and PulseNET Enterprise. Successful exploitation can result in arbitrary code execution in the context of the user running PulseNET.
Supported On:
isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
- bugtraq: 104377
- cve: CVE-2018-10611
HTTP:STC:ADOBE:CVE-2018-4945-CE - HTTP: Adobe Flash Player CVE-2018-4945 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
Supported On:
isg-3.5.141652, idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, j-series-9.5, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1
References:
- cve: CVE-2018-4945
HTTP:STC:ADOBE:CVE-2018-5001-CE - HTTP: Adobe Flash Player CVE-2018-5001 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
Supported On:
isg-3.5.141652, idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, j-series-9.5, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1
References:
- cve: CVE-2018-5001
HTTP:STC:ADOBE:CVE-2018-5000-CE - HTTP: Adobe Flash Player CVE-2018-5000 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
Supported On:
isg-3.5.141652, idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, j-series-9.5, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1
References:
- cve: CVE-2018-5000