
Update Details

Security Intelligence Center

Update #3073 (06/12/2018)

4 deprecated signatures:

MEDIUM - FINGER:EXPLOIT:DOT-AT-HOST - FINGER: .@host Exploit - Removal Date: 07/16/2018 - Reason For Deprecation: This signature is for EOS products.
HIGH - HTTP:STC:DL:HELP-IMG-HEAP - HTTP: Microsoft Windows HLP File Handling Heap Buffer Overflow - Removal Date: 07/23/2018 - Reason For Deprecation: This signature is for EOS products.
MEDIUM - APP:TUN:TEREDO-INFO - APP: Windows Firewall Teredo Information Disclosure - Removal Date: 07/23/2018 - Reason For Deprecation: This signature is for EOS products.
CRITICAL - ICMP:EXPLOIT:MIP-ROUTE-OF - ICMP: Mobile IP Route Overflow - Removal Date: 07/23/2018 - Reason For Deprecation: This signature is for EOS products.

Customers are advised to remove the deprecated signatures from their IDP policy if the signatures are explicitly configured there rather than included through dynamic groups.

20 new signatures:

HIGH - HTTP:STC:DL:MS-NTFS-EOP - HTTP: Microsoft CVE-2018-1036 NTFS Elevation of Privileges
HIGH - HTTP:STC:IE:CVE-2018-8111-RCE - HTTP: Microsoft Edge CVE-2018-8111 Memory Corruption
HIGH - HTTP:STC:DL:MS-CVE-2018-8210-CE - HTTP: Microsoft Windows CVE-2018-8210 Remote Code Execution
HIGH - HTTP:STC:DL:CVE-2018-8251-MC - HTTP: Windows Media Foundation CVE-2018-8251 Memory Corruption
HIGH - HTTP:STC:IE:CVE-2018-8110-MC - HTTP: Microsoft Edge CVE-2018-8110 Memory Corruption
HIGH - LDAP:PHP-LDAP-DOS - LDAP: PHP LDAP Denial of Service
MEDIUM - HTTP:STC:SCRIPT:OBFUSCATION-3 - HTTP: Suspicious Javascript Obfuscation Attempt 3
HIGH - HTTP:IBM-QRADAR-AUTH-BP - HTTP: IBM QRadar SIEM Authentication Bypass
MEDIUM - HTTP:STC:SCRIPT:IBM-LOTUS-DOS - HTTP:IBM Lotus CVE-2017-1130 Denial Of Service
HIGH - HTTP:STC:IE:CVE-2018-8236-RCE - HTTP: Microsoft Edge CVE-2018-8236 Remote Code Execution
HIGH - HTTP:STC:IE:CVE-2018-0978-RCE - HTTP: Microsoft Edge CVE-2018-0978 Remote Code Execution
HIGH - HTTP:STC:DL:CVE-2018-8208-RCE - HTTP: Windows Desktop Bridge CVE-2018-8208 Remote Code Execution
HIGH - SSL:IBM-QRADAR-AUTH-BP - SSL: IBM QRadar SIEM Authentication Bypass
HIGH - HTTP:STC:DL:CVE-2018-8169-EOP - HTTP: Microsoft Windows HIDParser CVE-2018-8169 Elevation of Privilege
HIGH - HTTP:STC:DL:CVE-2018-8233-EOP - HTTP: Microsoft Windows Win32k CVE-2018-8233 Elevation of Privilege
HIGH - HTTP:STC:IE:CVE-2018-8249-MC - HTTP: Microsoft Internet Explorer CVE-2018-8249 Memory Corruption
HIGH - HTTP:STC:DL:CVE-2018-8248-RCE - HTTP: Microsoft Excel CVE-2018-8248 Remote Code Execution
HIGH - HTTP:STC:IE:CVE-2018-8267-RC - HTTP: Microsoft IE CVE-2018-8267 Scripting Engine Memory Corruption Vulnerability
HIGH - HTTP:STC:DL:CVE-2018-8214-EOP - HTTP: Microsoft Windows Desktop Bridge CVE-2018-8214 Elevation of Privilege
HIGH - HTTP:STC:IE:CVE-2018-8229-RCE - HTTP: Microsoft Edge CVE-2018-8229 Memory Corruption

3 updated signatures:

HIGH - DHCP:OPT:REDHAT-CLIENT-SCRIPT - DHCP: Red Hat Enterprise Linux Server CVE-2018-1111 Code Execution
HIGH - HTTP:STC:DL:CVE-2018-1013-RCE - HTTP: Microsoft Graphics CVE-2018-1013 Remote Code Execution
HIGH - HTTP:STC:DL:CVE-2018-8157-RCE - HTTP: Microsoft Office CVE-2018-8157 Remote Code Execution

2 renamed signatures:

HTTP:STC:DL:CVE-2018-8169-PE -> HTTP:STC:DL:CVE-2018-8169-EOP
HTTP:STC:DL:CVE-2018-8233-PE -> HTTP:STC:DL:CVE-2018-8233-EOP


Details of the signatures included within this bulletin:


HTTP:STC:DL:MS-NTFS-EOP - HTTP: Microsoft CVE-2018-1036 NTFS Elevation of Privileges

Severity: HIGH

Description:

An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-1036

Affected Products:

  • Quest netvault_backup 11.3.0.12

HTTP:STC:IE:CVE-2018-8111-RCE - HTTP: Microsoft Edge CVE-2018-8111 Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft Edge. Successful exploitation could lead to remote code execution in the user's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8111

HTTP:STC:DL:MS-CVE-2018-8210-CE - HTTP: Microsoft Windows CVE-2018-8210 Remote Code Execution

Severity: HIGH

Description:

A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • bugtraq: 104407
  • cve: CVE-2018-8210

HTTP:STC:DL:CVE-2018-8251-MC - HTTP: Windows Media Foundation CVE-2018-8251 Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Windows Media Foundation. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8251

HTTP:STC:IE:CVE-2018-8110-MC - HTTP: Microsoft Edge CVE-2018-8110 Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Edge. Attackers could gain the same user rights as the current user.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8110

DHCP:OPT:REDHAT-CLIENT-SCRIPT - DHCP: Red Hat Enterprise Linux Server CVE-2018-1111 Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Red Hat Enterprise Linux Server. A successful exploit could allow the attacker to inject and execute arbitrary script commands with root privileges on the system.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://github.com/knqyf263/CVE-2018-1111/
  • cve: CVE-2018-1111
  • bugtraq: 104195

HTTP:STC:SCRIPT:OBFUSCATION-3 - HTTP: Suspicious Javascript Obfuscation Attempt 3

Severity: MEDIUM

Description:

This signature detects obfuscated JavaScript files. This is a technique commonly used by malicious Web sites to hide the malicious nature of the Web pages being accessed by a user. A successful attack allows the Web page creator to take control of the victim's system.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1


HTTP:STC:DL:CVE-2018-1013-RCE - HTTP: Microsoft Graphics CVE-2018-1013 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against the Microsoft font library. Successful exploitation could allow an attacker to execute arbitrary code in the application's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2018-1013

HTTP:STC:DL:CVE-2018-8157-RCE - HTTP: Microsoft Office CVE-2018-8157 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Office. A successful attack can lead to code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2018-8157

LDAP:PHP-LDAP-DOS - LDAP: PHP LDAP Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in PHP. Successful exploitation of this vulnerability could lead to denial of service.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2018-10548
  • url: https://bugs.php.net/bug.php?id=76248

HTTP:IBM-QRADAR-AUTH-BP - HTTP: IBM QRadar SIEM Authentication Bypass

Severity: HIGH

Description:

This signature detects an attempt to exploit an authentication bypass which has been reported in IBM QRadar SIEM. A remote, unauthenticated user can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary commands as the "nobody" user.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2018-1418

HTTP:STC:SCRIPT:IBM-LOTUS-DOS - HTTP:IBM Lotus CVE-2017-1130 Denial Of Service

Severity: MEDIUM

Description:

This signature attempts to prevent exploitation of a vulnerability in the native browser that comes with IBM Lotus Notes. Successful exploitation would cause a denial of service.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 100632
  • url: https://www.rapid7.com/db/modules/auxiliary/dos/http/ibm_lotus_notes2
  • url: https://www.exploit-db.com/exploits/42604/
  • cve: CVE-2017-1130

Affected Products:

  • IBM iNotes 8.5.1.5
  • IBM iNotes 8.5.3.0
  • IBM iNotes 9.0.1.8
  • IBM iNotes 9.0.0.0
  • IBM iNotes 8.5.2.4
  • IBM iNotes 9.0.1.1
  • IBM iNotes 8.5.2.0
  • IBM iNotes 8.5.3.6
  • IBM iNotes 8.5.0.0
  • IBM iNotes 8.5.2.1
  • IBM iNotes 8.5.3.1
  • IBM iNotes 9.0.1.0
  • IBM iNotes 8.5.1.1
  • IBM iNotes 8.5.1.0

HTTP:STC:IE:CVE-2018-8236-RCE - HTTP: Microsoft Edge CVE-2018-8236 Remote Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge. Successful exploitation could allow an attacker to execute arbitrary code in the application's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8236

HTTP:STC:IE:CVE-2018-0978-RCE - HTTP: Microsoft Edge CVE-2018-0978 Remote Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer. Successful exploitation could allow an attacker to execute arbitrary code in the application's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2018-0978

HTTP:STC:DL:CVE-2018-8208-RCE - HTTP: Windows Desktop Bridge CVE-2018-8208 Remote Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit Microsoft Windows Desktop Bridge. Successful exploitation could allow an attacker to execute arbitrary code in the user's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8208

SSL:IBM-QRADAR-AUTH-BP - SSL: IBM QRadar SIEM Authentication Bypass

Severity: HIGH

Description:

This signature detects an attempt to exploit an authentication bypass which has been reported in IBM QRadar SIEM. A remote, unauthenticated user can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary commands as the "nobody" user.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2018-1418

HTTP:STC:DL:CVE-2018-8169-EOP - HTTP: Microsoft Windows HIDParser CVE-2018-8169 Elevation of Privilege

Severity: HIGH

Description:

This signature detects an attempt to exploit Microsoft Windows HIDParser. Successful exploitation could allow an attacker to execute arbitrary code in the user's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8169

HTTP:STC:DL:CVE-2018-8233-EOP - HTTP: Microsoft Windows Win32k CVE-2018-8233 Elevation of Privilege

Severity: HIGH

Description:

This signature detects an attempt to exploit the Microsoft Windows Win32k component. Successful exploitation could allow an attacker to execute arbitrary code in the user's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8233

HTTP:STC:IE:CVE-2018-8249-MC - HTTP: Microsoft Internet Explorer CVE-2018-8249 Memory Corruption

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8249

HTTP:STC:DL:CVE-2018-8248-RCE - HTTP: Microsoft Excel CVE-2018-8248 Remote Code Execution

Severity: HIGH

Description:

This signature attempts to prevent exploitation of a known vulnerability in Microsoft Excel. Successful exploitation could lead to remote code execution in the user's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8248

HTTP:STC:IE:CVE-2018-8267-RC - HTTP: Microsoft IE CVE-2018-8267 Scripting Engine Memory Corruption Vulnerability

Severity: HIGH

Description:

This signature attempts to prevent exploitation of a remote code execution vulnerability in Internet Explorer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8267

HTTP:STC:DL:CVE-2018-8214-EOP - HTTP: Microsoft Windows Desktop Bridge CVE-2018-8214 Elevation of Privilege

Severity: HIGH

Description:

This signature detects an attempt to exploit Microsoft Windows Desktop Bridge. Successful exploitation could allow an attacker to execute arbitrary code in the user's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8214

HTTP:STC:IE:CVE-2018-8229-RCE - HTTP: Microsoft Edge CVE-2018-8229 Memory Corruption

Severity: HIGH

Description:

This signature attempts to detect exploitation of a known vulnerability in the Chakra Scripting Engine. Successful exploitation could lead to remote code execution in the user's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8229
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.