IPS Signature Database Release Notes

Version 5.13.36

Release Notes Date: 21 MAR, 2017

Release Information

Upgrade Applicable on

IPS Signature Release: Version 5.13.35
Cyberoam Appliance Models: CR15iNG, CR15wiNG, CR10iNG

Upgrade Information

Upgrade type: Automatic

Compatibility Annotations: None

Introduction

The release notes for IPS Signature Database Version 5.13.36 cover the signatures added in this release. The following sections describe the release in detail.

New IPS Signatures

The Cyberoam Intrusion Prevention System shields the network from known attacks by matching network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce false alarms.

Report false positives at [email protected] along with the application details.

This IPS release includes eighty-five (85) signatures to address five (5) vulnerabilities. New signatures are added for the following vulnerabilities:

Document Version – 1.0 - 21/03/2017

© Copyright 2017 Cyberoam Technologies Pvt. Ltd. All Rights Reserved.

| Name | CVE–ID | Rev No. | Category | Severity | Applicable from Version |
|---|---|---|---|---|---|
| Microsoft MSXML CVE-2017-0022 Information Disclosure | CVE-2017-0022 | 1.0 | Office Tools | 1 | 10.06.1 Build 631 |
| Linux Kernel SCTP sctp_sf_ootb Out of Bounds Read | CVE-2016-9555 | 1.0 | Operating System and Services | 1 | 10.06.1 Build 631 |
| Malware Trojan.MSIL.Magentpass.A Runtime Detection | NA | 1.0 | Malware Communication | 1 | 10.06.1 Build 631 |
| Malware Trojan.MSIL.HiddenTearEnjey.A Runtime Detection | NA | 1.0 | Malware Communication | 1 | 10.06.1 Build 631 |
| Malware Backdoor.Win32.Stonedrill.A Runtime Detection | NA | 1.0 | Malware Communication | 1 | 10.06.1 Build 631 |
| Malware Trojan.Win32.Geniczx.A Runtime Detection | NA | 1.0 | Malware Communication | 1 | 10.06.1 Build 631 |
| Malware Backdoor.Win32.Regostub.A Runtime Detection | NA | 1.0 | Malware Communication | 1 | 10.06.1 Build 631 |
| Malware Trojan.Win32.Poritprog.A Runtime Detection | NA | 1.0 | Malware Communication | 1 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt | CVE-2017-0037 | 1.0 | Browsers | 2 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft 11 Player information disclosure attempt | CVE-2017-0042 | 1.0 | Browsers | 2 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt | CVE-2017-0037 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge AsmJs memory corruption attempt | CVE-2017-0035 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge Data URI same origin policy bypass attempt | CVE-2017-0017 | 1.0 | Browsers | 4 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Internet Explorer CHtmlTab use after free attempt | CVE-2017-0018 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Internet Explorer Array out of bounds memory corruption | CVE-2017-0040 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Internet Explorer mutated scope with generator memory corruption attempt | CVE-2017-0049 | 1.0 | Browsers | 4 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Internet Explorer DOMAttrModified event use after free attempt | CVE-2017-0009 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Internet Explorer mhtml and res protocol information disclosure attempt | CVE-2017-0008 | 1.0 | Browsers | 4 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge CSS animation style information disclosure attempt | CVE-2017-0011 | 1.0 | Browsers | 3 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Internet Explorer array proto chain manipulation memory corruption attempt | CVE-2017-0032 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge url forgery attempt | CVE-2017-0033 | 1.0 | Browsers | 3 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge web address spoofing attempt | CVE-2017-0069 | 1.0 | Browsers | 3 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge JavascriptProxy SetPropertyTrap type confusion attempt | CVE-2017-0094 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt | CVE-2016-3298 | 1.0 | Browsers | 2 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge malformed UTF-8 decode arbitrary read attempt | CVE-2017-0131 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt | CVE-2017-0130 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt | CVE-2017-0059 | 1.0 | Browsers | 3 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge local file read information leak attempt | CVE-2017-0065 | 1.0 | Browsers | 3 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge WebAssembly memory corruption attempt | CVE-2017-0133 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge fetch API same origin policy bypass attempt | CVE-2017-0140 | 1.0 | Browsers | 3 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge scripting engine security bypass css attempt | CVE-2017-0066 | 1.0 | Browsers | 3 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge EntrySimpleSlotGetter use after free attempt | CVE-2017-0070 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge reverse helper heap buffer overflow attempt | CVE-2017-0139 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| BROWSER-IE Microsoft Edge TypedArray setter arbitrary write attempt | CVE-2017-0071 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| FILE-EXECUTABLE Com Session Moniker pivilege escalation attempt | CVE-2017-0100 | 1.0 | Operating System and Services | 3 | 10.06.1 Build 631 |
| FILE-IMAGE GDI+ malformed EMF comment heap access violation attempt | CVE-2017-0060 | 1.0 | Multimedia | 1 | 10.06.1 Build 631 |
| FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt | CVE-2017-0062 | 1.0 | Multimedia | 4 | 10.06.1 Build 631 |
| FILE-OFFICE Microsoft Excel malformed CellXF memory corruption attempt | CVE-2017-0027 | 1.0 | Office Tools | 1 | 10.06.1 Build 631 |
| FILE-OFFICE Microsoft Office RTF footnote format use after free attempt | CVE-2017-0019 | 1.0 | Office Tools | 1 | 10.06.1 Build 631 |
| FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt | CVE-2017-0020 | 1.0 | Office Tools | 1 | 10.06.1 Build 631 |
| FILE-OFFICE Microsoft Office imjp12k.dll dll-load exploit attempt | CVE-2017-0039 | 1.0 | Operating System and Services | 1 | 10.06.1 Build 631 |
| FILE-OFFICE Microsoft Office Word out of bounds read attempt | CVE-2017-0105 | 1.0 | Office Tools | 1 | 10.06.1 Build 631 |
| FILE-OFFICE Microsoft Excel shared strings memory corruption attempt | CVE-2017-0052 | 1.0 | Office Tools | 1 | 10.06.1 Build 631 |
| FILE-OFFICE Microsoft Excel shared strings memory corruption attempt | CVE-2017-0006 | 1.0 | Office Tools | 1 | 10.06.1 Build 631 |
| FILE-OFFICE Microsoft Word 2010 use-after-free memory corruption vulnerability attempt | CVE-2017-0030 | 1.0 | Office Tools | 1 | 10.06.1 Build 631 |
| FILE-OTHER Windows Uniscribe remote code execution vulnerability attempt | NA | 1.0 | Multimedia | 1 | 10.06.1 Build 631 |
| FILE-OTHER Microsoft Windows TTF file out of bounds access attempt | CVE-2017-0083 | 1.0 | Operating System and Services | 1 | 10.06.1 Build 631 |
| FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt | CVE-2017-0086 | 1.0 | Operating System and Services | 1 | 10.06.1 Build 631 |
| FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt | CVE-2017-0108 | 1.0 | Office Tools | 1 | 10.06.1 Build 631 |
| FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt | NA | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt | CVE-2017-0023 | 1.0 | Browsers | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt | CVE-2017-0050 | 1.0 | Operating System and Services | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows GDI privilege escalation attempt | CVE-2017-0047 | 1.0 | Multimedia | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows DirectComposition double free attempt | CVE-2017-0026 | 1.0 | Operating System and Services | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows Device Guard code execution attempt | CVE-2017-0007 | 1.0 | Operating System and Services | 3 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt | CVE-2017-0038 | 1.0 | Multimedia | 3 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt | CVE-2017-0103 | 1.0 | Browsers | 3 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft GDI+ privilege escalation attempt | CVE-2017-0081 | 1.0 | Multimedia | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows DDI privilege escalation attempt | CVE-2017-0080 | 1.0 | Operating System and Services | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt | CVE-2017-0073 | 1.0 | Office Tools | 3 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt | CVE-2017-0121 | 1.0 | Operating System and Services | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows SMBv1 identical MID and FID type confusion attempt | CVE-2017-0143 | 1.0 | Operating System and Service | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt | CVE-2017-0090 | 1.0 | Operating System and Service | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt | CVE-2017-0072 | 1.0 | Operating System and Service | 3 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt | CVE-2017-0087 | 1.0 | Operating System and Service | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt | CVE-2017-0089 | 1.0 | Operating System and Service | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt | CVE-2017-0088 | 1.0 | Operating System and Service | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Win32k DDI use after free attempt | CVE-2017-0082 | 1.0 | Operating System and Service | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Win32k DDI use after free attempt | CVE-2017-0078 | 1.0 | Operating System and Service | 1 | 10.06.1 Build 631 |
| OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt | CVE-2017-0056 | 1.0 | Operating System and Service | 1 | 10.06.1 Build 631 |
| SERVER-SAMBA Microsoft Windows Samba buffer overflow attempt | CVE-2017-0144 | 1.0 | Operating System and Service | 1 | 10.06.1 Build 631 |

• Name: Name of the Signature.

• CVE–ID: CVE Identification Number. Common Vulnerabilities and Exposures (CVE) provides reference of CVE Identifiers for publicly known information security vulnerabilities.

• Rev No.: Threat signature revision number.

• Category: Class type according to threat.

• Severity: Degree of severity. The levels of severity are described in the table below:

| Severity Level | Severity Criteria |
|---|---|
| 1 | Low |
| 2 | Moderate |
| 3 | High |
| 4 | Critical |

• Applicable from Version: Threat Signatures are available in a specified Cyberoam Firmware Version and above.


Important Notice

Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

USER’S LICENSE

Use of this product and document is subject to acceptance of the terms and conditions of Cyberoam End User License Agreement (EULA) and Warranty Policy for Cyberoam UTM Appliances.

You will find the copy of the EULA at http://www.cyberoam.com/documents/EULA.html and the Warranty Policy for Cyberoam UTM Appliances at http://kb.cyberoam.com.

RESTRICTED RIGHTS

Copyright 1999 - 2015 Cyberoam Technologies Pvt. Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Cyberoam Technologies Pvt. Ltd.

Corporate Headquarters

Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower, Off. C.G. Road, Ahmedabad – 380006, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.cyberoam.com
