Update Details
Update #3294 (06/30/2020)
5 updated signatures:
| MEDIUM | HTTP:STC:DL:CVE-2019-0614-ID | HTTP: Microsoft Graphics Device Interface DoGdiCommentMultiFormats Information Disclosure |
| MEDIUM | HTTP:STC:IMG:EATON-HS-BOF | HTTP: Eaton HMiSoft VU3 Stack Buffer Overflow |
| HIGH | HTTP:STC:DL:CVE-2018-8413-RCE | HTTP: Microsoft Windows CVE-2018-8413 Theme API Remote Code Execution |
| MEDIUM | HTTP:ORACLE:EBUIS-SUITE-CAL-XSS | HTTP: Oracle E-Business Suite Advanced Outbound Telephony Calendar Cross-Site Scripting |
| MEDIUM | HTTP:EXPLOIT:IE-SAVE-AS-HIDE | HTTP: Internet Explorer Save As Extension Hiding |
1 renamed signature:
| SMB:MS-SMBV3-COMP-INFO-DIS2 | -> | SMB:MS-SMBV3-COMP-INFO-DIS |
Details of the signatures included within this bulletin:
SMB:MS-SMBV3-COMP-INFO-DIS - SMB: Microsoft Windows SMBv3 Compression Information Disclosure
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Windows SMBv3 Compression. A successful attack can lead to sensitive information disclosure.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, isg-3.5.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.1.134269, vsrx-15.1
References:
- cve: CVE-2020-1206
Affected Products:
- Microsoft windows_server_2016 1903
- Microsoft windows_10 1909
- Microsoft windows_server_2016 1909
- Microsoft windows_10 1903
- Microsoft windows_server_2016 2004
- Microsoft windows_10 2004
HTTP:STC:DL:CVE-2018-8413-RCE - HTTP: Microsoft Windows CVE-2018-8413 Theme API Remote Code Execution
Severity: HIGH
Description:
This signature detects an attempt to exploit a remote code execution vulnerability in Microsoft Windows. Successful exploitation could allow an attacker to execute arbitrary code in the context of the current user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
- cve: CVE-2020-1300
- cve: CVE-2018-8413
- bugtraq: 105448
Affected Products:
- Microsoft windows_8.1 *
- Microsoft windows_10 1607
- Microsoft windows_rt_8.1 -
- Microsoft windows_10 1803
- Microsoft windows_10 1809
- Microsoft windows_server_2019 -
- Microsoft windows_server_2016 1709
- Microsoft windows_server_2016 1803
- Microsoft windows_server_2008 r2
- Microsoft windows_server_2012 -
- Microsoft windows_10 1709
- Microsoft windows_7 -
- Microsoft windows_10 -
- Microsoft windows_10 1703
- Microsoft windows_server_2016 -
- Microsoft windows_server_2012 r2
HTTP:STC:DL:CVE-2019-0614-ID - HTTP: Microsoft Graphics Device Interface DoGdiCommentMultiFormats Information Disclosure
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Graphics Device Interface (GDI) component of Microsoft Windows.A successful attack can lead to information disclosure.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
- cve: CVE-2019-0614
Affected Products:
- Microsoft windows_10 1607
- Microsoft windows_rt_8.1 -
- Microsoft windows_10 1803
- Microsoft windows_10 1809
- Microsoft windows_server_2019 -
- Microsoft windows_server_2016 1803
- Microsoft windows_server_2016 1709
- Microsoft windows_8.1 -
- Microsoft windows_server_2008 r2
- Microsoft windows_server_2012 -
- Microsoft windows_10 1709
- Microsoft windows_7 -
- Microsoft windows_10 -
- Microsoft windows_10 1703
- Microsoft windows_server_2016 -
- Microsoft windows_server_2008 -
- Microsoft windows_server_2012 r2
HTTP:EXPLOIT:IE-SAVE-AS-HIDE - HTTP: Internet Explorer Save As Extension Hiding
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability in Internet Explorer 5.0, 5.5, and 6.0. Attackers can use a double extension when creating a link to a file; this link can trick users into believing they are downloading a specific file type (HTML, BMP, HTA, etc.) when they are actually downloading a different file type (GIF, EXE, BAT, etc.). Using this method, attackers can place malicious code on a target computer, then use another exploit to run that code. Note: This signature can also produce false positives.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
- bugtraq: 11768
Affected Products:
- Microsoft internet_explorer 6.0
- Microsoft internet_explorer 5.0.1 SP4
- Microsoft internet_explorer 5.0 For Windows 95
- Microsoft internet_explorer 5.0 For Windows NT 4.0
- Microsoft internet_explorer 5.5 SP1
- Microsoft internet_explorer 5.0 For Windows 2000
- Microsoft internet_explorer 5.0 For Windows 98
- Microsoft internet_explorer 5.0.1
- Microsoft internet_explorer 6.0 SP1
- Microsoft internet_explorer 5.0.1 SP1
- Microsoft internet_explorer 5.0
- Microsoft internet_explorer 5.0.1 For Windows 95
- Microsoft internet_explorer 5.0.1 For Windows 98
- Microsoft internet_explorer 5.0.1 For Windows NT 4.0
- Microsoft internet_explorer 5.0.1 For Windows 2000
- Microsoft internet_explorer 5.0.1 SP2
- Microsoft internet_explorer 5.5
- Microsoft internet_explorer 5.5 SP2
- Microsoft internet_explorer 5.0.1 SP3
- Microsoft internet_explorer 5.5 Preview
HTTP:STC:IMG:EATON-HS-BOF - HTTP: Eaton HMiSoft VU3 Stack Buffer Overflow
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Eaton HMiSoft. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Eaton hmisoft_vu3_firmware 3.00.23
HTTP:ORACLE:EBUIS-SUITE-CAL-XSS - HTTP: Oracle E-Business Suite Advanced Outbound Telephony Calendar Cross-Site Scripting
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known cross-site scripting vulnerability against E-Business Suite Advanced Outbound Telephony Calendar. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
- cve: CVE-2020-2856
- cve: CVE-2020-2854
- cve: CVE-2020-2871
- url: https://www.oracle.com/security-alerts/cpuapr2020.html#appendixe
- cve: CVE-2020-2852
Affected Products:
- Oracle advanced_outbound_telephony 12.1.3
- Oracle advanced_outbound_telephony 12.1.1
- Oracle advanced_outbound_telephony 12.1.2