Juniper Networks

Update Details

Security Intelligence Center

Update #2809 (12/06/2016)

EOL Announcement (January 3, 2017): End-of-Life Notification for Juniper Networks IDP/AppID Signature Releases on EOL products. Please see TSB17019 for more information.

9 new signatures:

Severity  Signature - Name
HIGH      SNMP:CISCO-ASA-BO - SNMP: Cisco Adaptive Security Appliance Buffer Overflow
CRITICAL  SHELLCODE:X86:BASE64-NOOP-CTS-2 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-CTS (2)
CRITICAL  SHELLCODE:X86:BASE64-NOOP-CTS-3 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-CTS (3)
CRITICAL  SHELLCODE:X86:BASE64-NOOP-CTS-4 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-CTS (4)
CRITICAL  SHELLCODE:X86:BASE64-NOOP-CTS-5 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-CTS (5)
CRITICAL  SHELLCODE:X86:BASE64-NOOP-STC-2 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-STC (2)
CRITICAL  SHELLCODE:X86:BASE64-NOOP-STC-3 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-STC (3)
CRITICAL  SHELLCODE:X86:BASE64-NOOP-STC-4 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-STC (4)
CRITICAL  SHELLCODE:X86:BASE64-NOOP-STC-5 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-STC (5)

9 updated signatures:

Severity  Signature - Name
MEDIUM    HTTP:STC:DL:MAL-PLS - HTTP: PLS Malformed File Format
CRITICAL  SHELLCODE:X86:BASE64-NOOP-CTS-1 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-CTS (1)
CRITICAL  SHELLCODE:X86:BASE64-NOOP-STC-1 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-STC (1)
HIGH      HTTP:STC:DL:MAL-XRL - HTTP: XRL Malformed File Format
CRITICAL  HTTP:STC:ACTIVEX:CODEBASE - HTTP: Internet Explorer Codebase ActiveX
HIGH      HTTP:STC:DL:CSOUND-GETNUM-BOF - HTTP: Csound getnum Buffer Overflow
HIGH      HTTP:STC:IE:CVE-2016-7202-BO - HTTP: Microsoft Internet Explorer CVE-2016-7202 Buffer Overrun
HIGH      HTTP:STC:ADOBE:CVE-2014-0515-BO - HTTP: Adobe Flash Player CVE-2014-0515 Buffer Overflow
MEDIUM    HTTP:STC:DL:VS-XML-INFO - HTTP: Microsoft Visual Studio XML Information Disclosure


Details of the signatures included within this bulletin:


SNMP:CISCO-ASA-BO - SNMP: Cisco Adaptive Security Appliance Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Cisco Adaptive Security Appliance. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2016-6367
  • cve: CVE-2016-6366
  • url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp
  • url: http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516

HTTP:STC:ACTIVEX:CODEBASE - HTTP: Internet Explorer Codebase ActiveX

Severity: CRITICAL

Description:

This signature detects attempts to use injected HTML to reference an ActiveX control. Attackers can create a malicious Web site that uses injected HTML; users browsing that malicious Web site can unknowingly execute arbitrary attack code. Attackers can also send an HTML-formatted e-mail to a target user to redirect the user to the malicious Web site.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • url: http://www.kb.cert.org/vuls/id/865940
  • url: http://www.microsoft.com/technet/security/bulletin/MS03-032.asp
  • bugtraq: 8456
  • cve: CVE-2003-0532

Affected Products:

  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 5.5 SP1
  • Microsoft Internet Explorer 5.5 SP2
  • Microsoft Internet Explorer 5.0.1
  • Microsoft Internet Explorer 6.0 SP1
  • Microsoft Internet Explorer 5.0.1 SP1
  • Microsoft Internet Explorer 5.0.1 SP2
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.0.1 SP3

HTTP:STC:DL:CSOUND-GETNUM-BOF - HTTP: Csound getnum Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Csound. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2012-0270
  • bugtraq: 52144

Affected Products:

  • Csound 5.13.0
  • SuSE openSUSE 11.4

HTTP:STC:ADOBE:CVE-2014-0515-BO - HTTP: Adobe Flash Player CVE-2014-0515 Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Adobe Flash Player. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Supported On:

isg-3.5.141652, srx-branch-11.4, idp-4.1.110110719, idp-4.0.0, mx-11.4, idp-5.1.110161014, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, idp-5.0.110130325, isg-3.1.135801, isg-3.4.0, isg-3.5.0, idp-4.0.110090831, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.0.110090709, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, isg-3.4.139899, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609, idp-5.1.110160603, isg-3.5.141597, srx-11.4

References:

  • bugtraq: 67092
  • cve: CVE-2014-0515

Affected Products:

  • adobe flash_player 11.2.202.261
  • adobe flash_player 11.7.700.275
  • adobe flash_player 11.2.202.262
  • adobe flash_player 11.8.800.97
  • adobe flash_player 11.2.202.332
  • adobe flash_player 11.2.202.297
  • adobe flash_player 11.8.800.94
  • adobe flash_player 11.2.202.346
  • adobe flash_player 11.2.202.233
  • adobe flash_player 11.8.800.168
  • adobe flash_player 11.2.202.251
  • adobe flash_player 11.7.700.232
  • adobe flash_player 11.2.202.341
  • adobe flash_player 11.2.202.236
  • adobe flash_player 11.2.202.336
  • adobe flash_player 11.7.700.269
  • adobe flash_player 11.2.202.235
  • adobe flash_player 13.0.0.201
  • adobe flash_player 11.2.202.228
  • adobe flash_player 11.2.202.280
  • adobe flash_player 11.7.700.272
  • adobe flash_player 11.2.202.350
  • adobe flash_player 11.2.202.335
  • adobe flash_player 13.0.0.182
  • adobe flash_player 11.7.700.242
  • adobe flash_player 11.7.700.224
  • adobe flash_player 11.2.202.275
  • adobe flash_player 11.2.202.238
  • adobe flash_player 11.2.202.285
  • adobe flash_player 11.2.202.273
  • adobe flash_player 11.7.700.169
  • adobe flash_player 11.2.202.258
  • adobe flash_player 11.2.202.291
  • adobe flash_player 11.2.202.243
  • adobe flash_player 11.7.700.257
  • adobe flash_player 11.2.202.270
  • adobe flash_player 11.7.700.260
  • adobe flash_player 11.2.202.223
  • adobe flash_player 11.2.202.310
  • adobe flash_player 11.7.700.261
  • adobe flash_player 11.7.700.202
  • adobe flash_player 11.7.700.225

HTTP:STC:DL:MAL-PLS - HTTP: PLS Malformed File Format

Severity: MEDIUM

Description:

This signature detects attempts to exploit flaws in the PLS file format. Standards define how a PLS file is represented, and any deviation from them can be an indication of malicious activity. This kind of behavior is mostly seen in exploits created using the Metasploit Framework.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2009-4656
  • url: http://en.wikipedia.org/wiki/PLS_(file_format)
  • cve: CVE-2009-0476
  • bugtraq: 33589
  • bugtraq: 41332

Affected Products:

  • MultiMedia Soft Audio DJ Studio for .NET
  • MultiMedia Soft Audio Sound Recorder for .NET
  • MultiMedia Soft Audio Sound Suite for .NET
  • MultiMedia Soft Audio Sound Studio for .NET
  • MultiMedia Soft Audio Sound Editor for .NET
  • Euphonics 1.0

SHELLCODE:X86:BASE64-NOOP-CTS-1 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-CTS (1)

Severity: CRITICAL

Description:

This signature detects payloads transferred over the network that use base64-encoded x86 NOOPs. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603


SHELLCODE:X86:BASE64-NOOP-STC-1 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-STC (1)

Severity: CRITICAL

Description:

This signature detects payloads transferred over the network that use base64-encoded x86 NOOPs. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603


HTTP:STC:IE:CVE-2016-7202-BO - HTTP: Microsoft Internet Explorer CVE-2016-7202 Buffer Overrun

Severity: HIGH

Description:

This signature detects an attempt to exploit a buffer overrun vulnerability in Microsoft Internet Explorer. Successful exploitation could allow an attacker to execute arbitrary code in the application's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2016-7202

HTTP:STC:DL:MAL-XRL - HTTP: XRL Malformed File Format

Severity: HIGH

Description:

This signature detects attempts to exploit flaws in XRL files. The XRL file type is primarily associated with 'xRadio Player'. Standards define how an XRL file is represented, and any deviation from them can be an indication of malicious activity. This kind of behavior is mostly seen in exploits created using the Metasploit Framework.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • bugtraq: 46290

Affected Products:

  • @ktive software xRadio 0.5
  • @ktive software xRadio 0.95b
  • @ktive software xRadio 0.9

SHELLCODE:X86:BASE64-NOOP-CTS-2 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-CTS (2)

Severity: CRITICAL

Description:

This signature detects payloads transferred over the network that use base64-encoded x86 NOOPs. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603


SHELLCODE:X86:BASE64-NOOP-CTS-3 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-CTS (3)

Severity: CRITICAL

Description:

This signature detects payloads transferred over the network that use base64-encoded x86 NOOPs. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603


SHELLCODE:X86:BASE64-NOOP-CTS-4 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-CTS (4)

Severity: CRITICAL

Description:

This signature detects payloads transferred over the network that use base64-encoded x86 NOOPs. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603


SHELLCODE:X86:BASE64-NOOP-CTS-5 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-CTS (5)

Severity: CRITICAL

Description:

This signature detects payloads transferred over the network that use base64-encoded x86 NOOPs. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603


SHELLCODE:X86:BASE64-NOOP-STC-2 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-STC (2)

Severity: CRITICAL

Description:

This signature detects payloads transferred over the network that use base64-encoded x86 NOOPs. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603


SHELLCODE:X86:BASE64-NOOP-STC-3 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-STC (3)

Severity: CRITICAL

Description:

This signature detects payloads transferred over the network that use base64-encoded x86 NOOPs. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603


SHELLCODE:X86:BASE64-NOOP-STC-4 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-STC (4)

Severity: CRITICAL

Description:

This signature detects payloads transferred over the network that use base64-encoded x86 NOOPs. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603


SHELLCODE:X86:BASE64-NOOP-STC-5 - SHELLCODE: Base64 X86 NOOP Detection Over TCP-STC (5)

Severity: CRITICAL

Description:

This signature detects payloads transferred over the network that use base64-encoded x86 NOOPs. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603


HTTP:STC:DL:VS-XML-INFO - HTTP: Microsoft Visual Studio XML Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Visual Studio. A successful attack can lead to information disclosure. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2011-1280
  • bugtraq: 48196

Affected Products:

  • Avaya Meeting Exchange 5.2
  • Avaya Messaging Application Server 5.2
  • Microsoft SQL Server 2008 32-bit R2
  • Avaya CallPilot 4.0
  • Avaya CallPilot 5.0
  • Avaya Communication Server 1000 Telephony Manager 3.0
  • Avaya Communication Server 1000 Telephony Manager 4.0
  • Microsoft Office 2007 SP2
  • Microsoft Office 2010 (32-bit edition)
  • Microsoft Office 2010 (64-bit edition)
  • Microsoft SQL Server 2008 x64 R2
  • Avaya Meeting Exchange 5.0 SP1
  • Avaya Meeting Exchange 5.0 SP2
  • Avaya Meeting Exchange 5.1 SP1
  • Microsoft SQL Server 2005 Itanium Edition SP4
  • Avaya Meeting Exchange 5.0
  • Microsoft Visual Studio 2008 SP1
  • Microsoft SQL Server 2005 SP4
  • Microsoft SQL Server 2005 Express Edition SP3
  • Microsoft SQL Server 2005 SP3
  • Microsoft SQL Server 2005 Express Edition with Advanced Serv SP3
  • Microsoft SQL Server 2005 x64 Edition SP3
  • Microsoft SQL Server 2008 32bit SP1
  • Microsoft SQL Server 2008 itanium SP1
  • Avaya Meeting Exchange 5.0.0.0.52
  • Microsoft SQL Server 2008 32-bit SP2
  • Avaya Meeting Exchange - Web Conferencing Server
  • Microsoft SQL Server 2008 itanium R2
  • Microsoft SQL Server 2005 Express Edition SP4
  • Microsoft SQL Server Management Studio Express (SSMSE) 2005 x64
  • Microsoft SQL Server 2005 Express Edition with Advanced Serv SP4
  • Microsoft SQL Server 2005 x64 Edition SP4
  • Avaya Messaging Application Server 4
  • Avaya Messaging Application Server 5
  • Microsoft SQL Server 2005 Itanium Edition SP3
  • Avaya Meeting Exchange - Client Registration Server
  • Avaya Aura Conferencing 6.0 Standard
  • Microsoft InfoPath 2007 SP2
  • Microsoft Visual Studio 2010
  • Microsoft SQL Server 2008 x64 SP2
  • Avaya Meeting Exchange - Streaming Server
  • Microsoft SQL Server 2008 itanium SP2
  • Avaya Meeting Exchange - Webportal
  • Avaya Meeting Exchange - Recording Server
  • Microsoft SQL Server Management Studio Express (SSMSE) 2005
  • Microsoft InfoPath 2010
  • Avaya Meeting Exchange 5.1
  • Microsoft Visual Studio 2005 SP1
  • Avaya Meeting Exchange 5.2 SP2
  • Avaya Meeting Exchange 5.2 SP1