Update Details

Update #2808 (12/01/2016)

EOL Announcement (January 3, 2017): End-of-Life Notification for Juniper Networks IDP/AppID Signature Releases on EOL products. Please see TSB17019 for more information.

1 new signature:

HIGH

HTTP:STC:DL:APPLE-COREGRAPH-MC

HTTP: Apple CoreGraphics JPEG Memory Corruption

2 updated signatures:

HIGH	HTTP:STC:DL:A-PDF-RCE	HTTP: Brothersoft A-PDF WAV to MP3 Remote Code Execution
HIGH	HTTP:STC:CVE-2016-7212-BUF-OVHD	HTTP: Microsoft Windows CVE-2016-7212 Buffer Overhead

3 renamed signatures:

SHELLCODE:X86:BASE64-NOOP-STC	->	SHELLCODE:X86:BASE64-NOOP-STC-1
HTTP:NTOP-BASIC-AUTHORIZATION1	->	HTTP:NTOP-BASIC-AUTHORIZATION-1
SHELLCODE:X86:BASE64-NOOP-CTS	->	SHELLCODE:X86:BASE64-NOOP-CTS-1

Details of the signatures included within this bulletin:

HTTP:STC:DL:A-PDF-RCE - HTTP: Brothersoft A-PDF WAV to MP3 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Brothersoft A-PDF. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

HTTP:STC:DL:APPLE-COREGRAPH-MC - HTTP: Apple CoreGraphics JPEG Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the CoreGraphics component when handling specially crafted JPEG files. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code.

Supported On:

srx-branch-11.4, idp-5.1.110161014, mx-11.4, idp-4.1.0, isg-3.5.141652, mx-9.4, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, srx-10.0, srx-branch-10.0, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, isg-3.5.141597, srx-11.4

References:

cve: CVE-2016-4673

HTTP:NTOP-BASIC-AUTHORIZATION-1 - HTTP: Ntop Basic Authorization Denial of Service (1)

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in ntop basic Authorization. This could lead to a Denial of Service condition.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

SHELLCODE:X86:BASE64-NOOP-CTS-1 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-CTS (1)

Severity: CRITICAL

Description:

This signature detects payloads being transferred over network that have been using base64 x86 NOOP. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

SHELLCODE:X86:BASE64-NOOP-STC-1 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-STC (1)

Severity: CRITICAL

Description:

Supported On:

HTTP:STC:CVE-2016-7212-BUF-OVHD - HTTP: Microsoft Windows CVE-2016-7212 Buffer Overhead

Severity: HIGH

Description:

A vulnerability was discovered within Microsoft Windows that could lead to a buffer overhead. Successfully exploitation of this issue could allow an attacker to execute arbitrary code under the context of the current process.

Supported On:

References:

cve: CVE-2016-7212