Update Details

Update #2895 (05/18/2017)

EOL Announcement (January 3, 2017): End-of-Life Notification for Juniper Networks IDP/AppID Signature Releases on EOL products. Please see TSB17019 for more information.

24 new signatures:

HIGH	IMAP:OUTLOOK-RCE	IMAP: Microsoft Outlook Client Code Execution
HIGH	APP:MISC:ESKIMOROLL-KERBEROS-PE	APP: ESKIMOROLL Kerberos Privilege Escalation
HIGH	MS-RPC:RPC-OVF	MSRPC: Microsoft Windows DCOM RPC Interface Buffer Overrun
HIGH	HTTP:STC:MOZILLA:CVE-2014-1513	HTTP: Mozilla Firefox CVE-2014-1513 Remote Code Execution
HIGH	HTTP:STC:SAFARI:CVE-2017-2446	HTTP: Apple Safari CVE-2017-2446 Remote Code Execution
HIGH	HTTP:MISC:GENERIC-DIR-TRAVERSAL	HTTP: Generic Directory Traversal Detected
CRITICAL	APP:REMOTE:ESTEEMAUDIT-RCE	HTTP: Microsoft Windows Empty RDP Cookie Negotiation Attempt
HIGH	HTTP:HPE-INTELLIGENT-CENTER-ID	HTTP: HPE Intelligent Management Center FileDownloadServlet Information Disclosure
MEDIUM	DNS:CVE-2017-0171-DOS	DNS: Windows DNS CVE-2017-0171 Denial Of Service
HIGH	HTTP:STC:MANTIS-PASS-RESET	HTTP: Mantis Bug Tracker confirm_hash Remote Password Reset
HIGH	HTTP:STC:ADOBE:CVE-2017-3071-CE	HTTP: Adobe Flash CVE-2017-3071 Remote Code Execution
HIGH	HTTP:STC:ADOBE:CVE-2017-3068-CE	HTTP: Adobe Flash CVE-2017-3068 Remote Code Execution
HIGH	HTTP:STC:CHROME:CVE-2017-5030	HTTP: Google Chrome CVE-2017-5030 Remote Code Execution
HIGH	HTTP:STC:CHROME:CVE-2016-5198	HTTP: Google Chrome CVE-2016-5198 Remote Code Execution
HIGH	HTTP:STC:CHROME:CVE-2016-5200	HTTP: Google Chrome CVE-2016-5200 Remote Code Execution
HIGH	HTTP:STC:IE:CVE-2017-0134-RCE	HTTP: Microsoft Edge CVE-2017-0134 Remote Code Execution
HIGH	HTTP:INTEL-AMT-PE	HTTP: Intel Active Management Technology Remote Privilege Escalation
HIGH	HTTP:STC:APPLE-SAFARI-PARAM-UAF	HTTP: Apple Safari parameter name Use After Free
HIGH	HTTP:STC:APPLE-CVE-2016-4622-CE	HTTP: Apple Safari CVE-2016-4622 Remote Code Execution
HIGH	HTTP:STC:APPLE-TYPARRAY-BUF-NEU	HTTP: Apple TypeArray Buffer Neutering
HIGH	HTTP:STC:APPLE-SAFARI-OOB	HTTP: Apple Safari CVE-2017-2447 Out Of Bounds
HIGH	HTTP:STC:CVE-2017-2464-MC	HTTP: Apple Safari CVE-2017-2464 Memory Corruption
HIGH	HTTP:STC:APPLE-SFRI-PWN2OWN-UAF	HTTP: Apple Safari Pwn2Own Use After Free
HIGH	SMTP:OUTLOOK:OUTLOOK-CE	SMTP: Outlook Client Code Execution

11 updated signatures:

MEDIUM	SCADA:ICCP:INVALID-TPDU	SCADA: Invalid TPDU Code
INFO	CHAT:MSN:HTTP:MSNFTP-INVITE	CHAT: MSN over HTTP File Transfer Invitation Message
MEDIUM	HTTP:STC:ACTIVEX:MAGNETOSOFT-OV	HTTP: Magnetosoft Networkresources Unsafe ActiveX Overflow
HIGH	HTTP:STC:ADOBE:CVE-2017-3055-CE	HTTP: Adobe Acrobat Reader CVE-2017-3055 Remote Code Execution
INFO	SMB:SMBV1-REQ	SMB: SMBv1 Request Detected
INFO	P2P:XUNLEI:DOWNLOAD	P2P: Xunlei Download
HIGH	HTTP:STC:IE:CVE-2017-0141-AV	HTTP: Microsoft Edge CVE-2017-0141 Access Violation
HIGH	DNS:ISC-BIND-CNAME-DNAME-DOS	DNS: ISC BIND Referral CNAME and DNAME Assertion Failure Denial of Service
HIGH	HTTP:STC:IE:CVE-2017-0015-MC	HTTP: Microsoft Edge CVE-2017-0015 Memory Corruption
HIGH	HTTP:STC:IE:CVE-2016-3386-RCE	HTTP: Microsoft Edge CVE-2016-3386 Remote Code Execution
MEDIUM	SCADA:ICCP:BUFFER-SIZE	SCADA: Wrong Buffer Size

2 renamed signatures:

HTTP:STC:APPLE_SAFARI-IO	->	HTTP:STC:CVE-2017-2464-MC
APP:GENERIC-DIR-TRAV	->	APP:HP-PROTECTOR-DIR-TRAV

Details of the signatures included within this bulletin:

IMAP:OUTLOOK-RCE - IMAP: Microsoft Outlook Client Code Execution

Severity: HIGH

Description:

This signature prevents triggering of executable code on the client's side to send an email to other users.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

APP:MISC:ESKIMOROLL-KERBEROS-PE - APP: ESKIMOROLL Kerberos Privilege Escalation

Severity: HIGH

Description:

This signatures can be used to detect anomalous behavior within the Kerberos protocol.

Supported On:

References:

cve: CVE-2014-6324

Affected Products:

microsoft windows_server_2008
microsoft windows_server_2003
microsoft windows_7 -
microsoft windows_8 -
microsoft windows_8.1 -
microsoft windows_server_2008 r2
microsoft windows_server_2012 -
microsoft windows_vista -
microsoft windows_server_2012 r2

MS-RPC:RPC-OVF - MSRPC: Microsoft Windows DCOM RPC Interface Buffer Overrun

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the RPC in Microsoft Windows. A successful attack can lead to a buffer overflow and arbitrary remote code execution.

Supported On:

References:

cve: CVE-2003-0352

Affected Products:

microsoft windows_2000 (sp2)
microsoft windows_nt 4.0 (sp1:workstation)
microsoft windows_2003_server r2
microsoft windows_2000 (sp2:datacenter_server)
microsoft windows_2000 (:professional)
microsoft windows_nt 4.0 (sp2:workstation)
microsoft windows_nt 4.0 (:workstation)
microsoft windows_xp (:64-bit)
microsoft windows_2000 (sp1:server)
microsoft windows_nt 4.0 (sp6a:workstation)
microsoft windows_2000 (:server)
microsoft windows_xp (sp1)
microsoft windows_2000 (sp4:professional)
microsoft windows_nt 4.0 (sp3:workstation)
microsoft windows_nt 4.0 (sp1:server)
microsoft windows_nt 4.0 (sp6a:terminal_server)
microsoft windows_nt 4.0 (sp6:terminal_server)
microsoft windows_2000 (sp4)
microsoft windows_2003_server r2 (:64-bit)
microsoft windows_nt 4.0 (:terminal_server)
microsoft windows_2003_server standard
microsoft windows_nt 4.0 (sp6a)
microsoft windows_nt 4.0 (sp6:workstation)
microsoft windows_2000 (sp3:professional)
microsoft windows_2000 (sp1:professional)
microsoft windows_2000 (sp4:advanced_server)
microsoft windows_nt 4.0 (sp1:terminal_server)
microsoft windows_2000 (sp3:advanced_server)
microsoft windows_nt 4.0 (sp6)
microsoft windows_nt 4.0 (sp5:server)
microsoft windows_2000 (sp2:server)
microsoft windows_nt 4.0 (sp4)
microsoft windows_nt 4.0 (sp5)
microsoft windows_nt 4.0 (sp4:enterprise_server)
microsoft windows_nt 4.0 (sp2)
microsoft windows_nt 4.0 (:enterprise_server)
microsoft windows_2000 (sp3)
microsoft windows_nt 4.0 (sp1)
microsoft windows_2003_server web
microsoft windows_nt 4.0 (sp3:server)
microsoft windows_nt 4.0 (sp4:terminal_server)
microsoft windows_2000 (:advanced_server)
microsoft windows_2003_server r2 (:datacenter_64-bit)
microsoft windows_2003_server enterprise_64-bit
microsoft windows_xp (gold)
microsoft windows_nt 4.0 (sp6a:server)
microsoft windows_2003_server standard (:64-bit)
microsoft windows_nt 4.0 (sp2:enterprise_server)
microsoft windows_2000 (:datacenter_server)
microsoft windows_2003_server enterprise (:64-bit)
microsoft windows_xp (sp1:home)
microsoft windows_2000 (sp3:datacenter_server)
microsoft windows_nt 4.0 (sp2:terminal_server)
microsoft windows_2000 (sp4:server)
microsoft windows_2000 (sp3:server)
microsoft windows_nt 4.0 (sp6:enterprise_server)
microsoft windows_nt 4.0 (sp2:server)
microsoft windows_xp (:home)
microsoft windows_nt 4.0 (sp3)
microsoft windows_nt 4.0 (sp6:server)
microsoft windows_2000 (sp1)
microsoft windows_nt 4.0 (sp3:terminal_server)
microsoft windows_2000 (sp1:advanced_server)
microsoft windows_xp (gold:professional)
microsoft windows_2000 (sp4:datacenter_server)
microsoft windows_xp (sp1:64-bit)
microsoft windows_nt 4.0 (sp5:enterprise_server)
microsoft windows_nt 4.0 (sp6a:enterprise_server)
microsoft windows_nt 4.0 (sp3:enterprise_server)
microsoft windows_nt 4.0
microsoft windows_nt 4.0 (:server)
microsoft windows_2000 (sp2:professional)
microsoft windows_nt 4.0 (sp4:server)
microsoft windows_nt 4.0 (sp5:terminal_server)
microsoft windows_nt 4.0 (sp1:enterprise_server)
microsoft windows_nt 4.0 (sp5:workstation)
microsoft windows_nt 4.0 (sp4:workstation)
microsoft windows_2000 (sp1:datacenter_server)
microsoft windows_2000 (sp2:advanced_server)
microsoft windows_2003_server enterprise

APP:HP-PROTECTOR-DIR-TRAV - APP: HP DataProtector Directory Traversal

Severity: HIGH

Description:

his signature detects an attempt to exploit a known vulnerability against HP DataProtector application. Successful exploitation could allow an attacker to execute arbitrary codes into the context of the running application.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, vmx-16.1, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603

References:

bugtraq: 47638
cve: CVE-2011-1736
url: http://securitytracker.com/id?1029550

Affected Products:

hp openview_storage_data_protector 6.10
hp openview_storage_data_protector 6.00
hp openview_storage_data_protector 6.11

HTTP:STC:MOZILLA:CVE-2014-1513 - HTTP: Mozilla Firefox CVE-2014-1513 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2014-1513

HTTP:STC:SAFARI:CVE-2017-2446 - HTTP: Apple Safari CVE-2017-2446 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Apple Safari. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2017-2446

HTTP:STC:ACTIVEX:MAGNETOSOFT-OV - HTTP: Magnetosoft Networkresources Unsafe ActiveX Overflow

Severity: MEDIUM

Description:

This signature detects attempts to use unsafe ActiveX controls in the Magnetosoft Networkresources. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Supported On:

isg-3.5.141652, idp-5.1.110161014, DI-Client, idp-4.1.110110719, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, vmx-16.1, isg-3.5.141597, idp-5.1.110160603

References:

url: http://www.magnetosoft.com/products/sknetresource/sknetresource_features.htm

HTTP:MISC:GENERIC-DIR-TRAVERSAL - HTTP: Generic Directory Traversal Detected

Severity: HIGH

Description:

This signature detects a generic directory traversal attempt from client request.

Supported On:

srx-branch-12.1, isg-3.5.141652, vmx-16.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vmx-11.4, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1

References:

APP:REMOTE:ESTEEMAUDIT-RCE - HTTP: Microsoft Windows Empty RDP Cookie Negotiation Attempt

Severity: CRITICAL

Description:

Esteemaudit is a Remote Desktop Protocol (RDP) exploit. By exploiting this vulnerability, a threat actor can target a remote RDP Service and eventually take control of the compromised system.

Supported On:

References:

cve: CVE-2017-9073

HTTP:HPE-INTELLIGENT-CENTER-ID - HTTP: HPE Intelligent Management Center FileDownloadServlet Information Disclosure

Severity: HIGH

Description:

An information disclosure vulnerability has been reported in the Service Operation Manager Module of HPE Intelligent Management Center. Successful exploitation could allow an attacker to disclose sensitive information under the context of SYSTEM from the target host.

Supported On:

References:

cve: CVE-2017-5797

DNS:CVE-2017-0171-DOS - DNS: Windows DNS CVE-2017-0171 Denial Of Service

Severity: MEDIUM

Description:

Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server are configured to answer version queries.

Supported On:

References:

cve: CVE-2017-0171

HTTP:STC:MANTIS-PASS-RESET - HTTP: Mantis Bug Tracker confirm_hash Remote Password Reset

Severity: HIGH

Description:

A remote password reset vulnerability has been reported in Mantis Bug Tracker. Successful exploitation results in the attacker being able to change the password for arbitrary accounts.

Supported On:

References:

HTTP:STC:ADOBE:CVE-2017-3055-CE - HTTP: Adobe Acrobat Reader CVE-2017-3055 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to arbitrary code execution.

Supported On:

srx-branch-12.1, isg-3.5.141652, vmx-16.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vmx-11.4, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1

References:

cve: CVE-2017-3055

SCADA:ICCP:BUFFER-SIZE - SCADA: Wrong Buffer Size

Severity: MEDIUM

Description:

This signature detects a TPDU buffer size that is too small or too big. OSI Transport Class 0 (TP0) specifies the amount of user data that can be carried on any particular transport primitive. If the protocol specifications form the basis for local buffer management, too much or too little data could lead to a buffer overflow attack.

Supported On:

References:

P2P:XUNLEI:DOWNLOAD - P2P: Xunlei Download

Severity: INFO

Description:

This signature detects a download request through Xunlei. Xunlei is a Chinese peer-to-peer file sharing program.

Supported On:

References:

url: http://www.xunlei.com/

DNS:ISC-BIND-CNAME-DNAME-DOS - DNS: ISC BIND Referral CNAME and DNAME Assertion Failure Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in ISC BIND9. Successful exploitation leads to denial-of-service conditions.

Supported On:

References:

cve: CVE-2017-3137

SCADA:ICCP:INVALID-TPDU - SCADA: Invalid TPDU Code

Severity: MEDIUM

Description:

This signature detects an invalid TPDU code. ISO 8073 specifies a limited set of TPDU codes. It is possible that an invalid TPDU code can cause mis-operation by the local implementation.

Supported On:

References:

CHAT:MSN:HTTP:MSNFTP-INVITE - CHAT: MSN over HTTP File Transfer Invitation Message

Severity: INFO

Description:

This signature detects a MSN Messenger Live Person to Person File Transfer Invite message over HTTP.

Supported On:

References:

url: http://www.hypothetic.org/docs/msn/index.php

HTTP:STC:ADOBE:CVE-2017-3068-CE - HTTP: Adobe Flash CVE-2017-3068 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, srx-branch-12.1, vmx-16.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vmx-11.4, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1

References:

cve: CVE-2017-3068

HTTP:STC:CHROME:CVE-2017-5030 - HTTP: Google Chrome CVE-2017-5030 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Google Chrome. A successful attack can lead to remote code execution.

Supported On:

References:

cve: CVE-2017-5030

HTTP:STC:CHROME:CVE-2016-5198 - HTTP: Google Chrome CVE-2016-5198 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Google Chrome. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2016-5198

HTTP:STC:CHROME:CVE-2016-5200 - HTTP: Google Chrome CVE-2016-5200 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Google Chrome. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2016-5200

HTTP:STC:IE:CVE-2017-0015-MC - HTTP: Microsoft Edge CVE-2017-0015 Memory Corruption

Severity: HIGH

Description:

This signature detects an attempt to exploit an Use-After-Free Vulnerability in Microsoft Edge. Successful exploitation could allow an attacker to execute arbitrary code into the application's context.

Supported On:

References:

cve: CVE-2017-0015

HTTP:STC:IE:CVE-2017-0134-RCE - HTTP: Microsoft Edge CVE-2017-0134 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Edge. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2017-0134

HTTP:INTEL-AMT-PE - HTTP: Intel Active Management Technology Remote Privilege Escalation

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Intel Active Management Technology (AMT) and the Intel Standard Manageability (ISM) and Intel Small Business Technology (SBT) variants. Successful exploitation allows an unprivileged attacker to gain administrative privileges over the management component of the target system.

Supported On:

References:

cve: CVE-2017-5689

HTTP:STC:APPLE-SAFARI-PARAM-UAF - HTTP: Apple Safari parameter name Use After Free

Severity: HIGH

Description:

This signature detects an attempt to exploit an Use-After-Free Vulnerability in Apple's Safari. Successful exploitation could allow an attacker to execute arbitrary code into the application's context.

Supported On:

References:

Affected Products:

apple iphone_os 9.3.1
apple safari 9.1
apple apple_tv 9.2

SMB:SMBV1-REQ - SMB: SMBv1 Request Detected

Severity: INFO

Description:

This signature is written to block the SMBv1 requests.

Supported On:

isg-3.5.141652, idp-5.1.110161014, DI-Client, idp-4.1.110110719, DI-Worm, idp-4.0.0, mx-11.4, DI-Base, idp-4.1.0, mx-16.1, vmx-11.4, vmx-16.1, idp-5.0.0, idp-4.2.0, isg-3.5.0, isg-3.0.0, DI-Server, isg-3.1.135801, isg-3.4.0, idp-4.0.110090831, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, j-series-9.5, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609, idp-4.2.110100823, isg-3.5.141597, idp-5.1.110160603

HTTP:STC:APPLE-CVE-2016-4622-CE - HTTP: Apple Safari CVE-2016-4622 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Apple Safari. A successful attack can lead to arbitrary code execution.

Supported On:

References:

Affected Products:

apple iphone_os 9.3.2
apple apple_tv 9.2.1
apple safari 9.1.1

HTTP:STC:APPLE-TYPARRAY-BUF-NEU - HTTP: Apple TypeArray Buffer Neutering

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Apple Safari. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2016-4734

Affected Products:

apple apple_tv 9.2.2
apple iphone_os 9.3.5
apple safari 9.1.3

HTTP:STC:APPLE-SAFARI-OOB - HTTP: Apple Safari CVE-2017-2447 Out Of Bounds

Severity: HIGH

Description:

This signature detects an attempt to exploit an out-of-bounds read vulnerability in Apple Safari. Successful exploitation could allow an attacker to execute arbitrary code into the application's context.

Supported On:

References:

cve: CVE-2017-2447

HTTP:STC:IE:CVE-2017-0141-AV - HTTP: Microsoft Edge CVE-2017-0141 Access Violation

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Edge. A successful attack can lead to access violation.

Supported On:

References:

cve: CVE-2017-0141

HTTP:STC:CVE-2017-2464-MC - HTTP: Apple Safari CVE-2017-2464 Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Apple Safari. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2017-2464

HTTP:STC:APPLE-SFRI-PWN2OWN-UAF - HTTP: Apple Safari Pwn2Own Use After Free

Severity: HIGH

Description:

This signature detects an attempt to exploit an Use-After-Free Vulnerability in Apple Safari browser. Successful exploitation could allow an attacker to execute arbitrary code into the application's context.

Supported On:

References:

cve: CVE-2017-2491

SMTP:OUTLOOK:OUTLOOK-CE - SMTP: Outlook Client Code Execution

Severity: HIGH

Description:

This signature prevents triggering of executable code on the client's side to send an email to other users.

Supported On:

HTTP:STC:ADOBE:CVE-2017-3071-CE - HTTP: Adobe Flash CVE-2017-3071 Remote Code Execution

Severity: HIGH

Description:

Adobe Flash Player have an exploitable use when masking display objects. Successful exploitation could lead to arbitrary code execution.

Supported On:

isg-3.5.141652, srx-branch-12.1, vsrx-12.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vmx-11.4, vmx-16.1, vsrx-15.1, srx-12.1, j-series-9.5, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2017-3071

HTTP:STC:IE:CVE-2016-3386-RCE - HTTP: Microsoft Edge CVE-2016-3386 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Edge. A successful attack can lead to arbitrary code execution.