IPS Signature Release Note V7.16.70
SOPHOS IPS Signature Update Release Notes

Version: 7.16.70
Release Date: 28th January 2020

IPS Signature Update Release Information

Upgrade Applicable on: IPS Signature Release Version 7.16.69
Sophos Appliance Models: XG-550, XG-750, XG-650

Upgrade Information

Upgrade type: Automatic
Compatibility Annotations: None

Introduction

The Release Note document for IPS Signature Database Version 7.16.70 includes support for the new signatures. The following sections describe the release in detail.

New IPS Signatures

The Sophos Intrusion Prevention System shields the network from known attacks by matching the network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce the false alarms.

Report false positives at [email protected], along with the application details.

January 2020 Page 2 of 51

IPS Signature Update

This IPS Release includes Five Hundred and Seven (507) signatures to address Three Hundred and Sixty Four (364) vulnerabilities.
New signatures are added for the following vulnerabilities:

| Name | CVE-ID | Category | Severity |
|---|---|---|---|
| BROWSER-FIREFOX Mozilla Firefox CVE-2010-3765 document.write And DOM Insertions Memory Corruption | CVE-2010-3765 | Browsers | 4 |
| BROWSER-FIREFOX (Published Exploit) Mozilla Firefox document.write And DOM Insertions Memory Corruption | CVE-2010-3765 | Browsers | 4 |
| BROWSER-IE Microsoft Internet Explorer ActiveX Navigate Handling Code Execution | CVE-2008-4258 | Browsers | 4 |
| BROWSER-IE Microsoft Internet Explorer CVE-2012-4969 execCommand Use After Free | CVE-2012-4969 | Browsers | 4 |
| BROWSER-IE Microsoft Internet Explorer CVE-2013-3163 Use After Free (Published Exploit) | CVE-2013-3163 | Browsers | 4 |
| BROWSER-IE Microsoft Internet Explorer HtmlDlgHelper Memory Corruption | CVE-2010-3329 | Browsers | 4 |
| BROWSER-IE Microsoft Internet Explorer Image Processing Argument Handling Memory Corruption | CVE-2008-0078 | Browsers | 4 |
| BROWSER-IE Microsoft Internet Explorer runtimeStyle Handling Memory Corruption (Published Exploit) | CVE-2013-3882 | Browsers | 4 |
| BROWSER-IE Microsoft Internet Explorer VML Processing Integer Underflow (Published Exploit) | CVE-2013-2551 | Browsers | 4 |
| BROWSER-IE Microsoft Internet Explorer XML Processing Memory Corruption (Published Exploit) | | Browsers | 4 |
| BROWSER-OTHER Apple Safari parent.close Code Execution (Published Exploit) | | Browsers | 4 |
| BROWSER-OTHER Apple Safari Right-to-Left Text Rendering Use After Free Vulnerability (Published Exploit) | CVE-2010-0049 | Browsers | 4 |
| BROWSER-OTHER Apple Safari WebKit Selections Use After Free (Published Exploit) | CVE-2010-1812 | Browsers | 4 |
| BROWSER-OTHER Opera Browser file URI Handling Buffer Overflow | | Browsers | 4 |
| BROWSER-PLUGINS Adobe Download Manager getPlus ActiveX Control Buffer Overflow | CVE-2009-3958 | Browsers | 4 |
| BROWSER-PLUGINS Advantech WebAccess SCADA CVE-2014-0767 webvact.ocx AccessCode Buffer Overflow II | CVE-2014-0767 | Browsers | 4 |
| BROWSER-PLUGINS Advantech WebAccess SCADA CVE-2014-0767 webvact.ocx AccessCode Buffer Overflow I | CVE-2014-0767 | Browsers | 4 |
| BROWSER-PLUGINS Attachmate Reflection FTP Client ActiveX GetGlobalSettings Memory Corruption | CVE-2014-0603 | Browsers | 4 |
| BROWSER-PLUGINS Attachmate Reflection FTP Client ActiveX GetSiteProperties3 Memory Corruption | CVE-2014-0606 | Browsers | 4 |
| BROWSER-PLUGINS CA Multiple Products ActiveX Control ListCtrl AddColumn Buffer Overflow | CVE-2008-1472 | Browsers | 4 |
| BROWSER-PLUGINS Citrix Access Gateway Plug-in ActiveX Code Execution | CVE-2011-2882 | Browsers | 4 |
| BROWSER-PLUGINS Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow | CVE-2011-2592 | Browsers | 4 |
| BROWSER-PLUGINS Flexera InstallShield ISGrid2.dll DoFindReplace Heap Buffer Overflows | CVE-2011-3174 | Browsers | 4 |
| BROWSER-PLUGINS IBM Lotus Domino CVE-2007-4474 Web Access ActiveX Control Buffer Overflow | CVE-2007-4474 | Browsers | 5 |
| BROWSER-PLUGINS IBM Lotus iNotes dwa85W.dll ActiveX Control Buffer Overflow | CVE-2012-2175 | Browsers | 4 |
| BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX Memory Corruption | CVE-2008-2470 | Browsers | 4 |
| BROWSER-PLUGINS Macrovision InstallShield Update Service isusweb.dll Remote Buffer Overflow | CVE-2007-6654 | Browsers | 4 |
| BROWSER-PLUGINS Microsoft Access Wizard ActiveX Control Memory Corruption | CVE-2010-1881 | Browsers | 4 |
| BROWSER-PLUGINS Microsoft Agent CVE-2007-3040 Crafted URL Stack Buffer Overflow | CVE-2007-3040 | Browsers | 5 |
| BROWSER-PLUGINS Microsoft Agent CVE-2007-3040 Crafted URL Stack Buffer Overflow | CVE-2007-3040 | Browsers | 5 |
| BROWSER-PLUGINS Microsoft Visual Studio MSMASK32.OCX ActiveX Control Buffer Overflow (Published Exploit) | CVE-2008-3704 | Browsers | 4 |
| BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX Control Buffer Overflow | CVE-2008-3008 | Browsers | 4 |
| BROWSER-PLUGINS Microsoft WMI Administrative Tools ActiveX Control Multiple Vulnerabilities I | CVE-2010-3973 | Browsers | 4 |
| BROWSER-PLUGINS Microsoft WMI Administrative Tools ActiveX Control Multiple Vulnerabilities | CVE-2010-3973 | Browsers | 4 |
| BROWSER-PLUGINS Novell iPrint Client ExecuteRequest debug Parameter Buffer Overflow | | Browsers | 4 |
| BROWSER-PLUGINS Novell iPrint Client GetDriverSettings Stack Buffer Overflow | | Browsers | 4 |
| BROWSER-PLUGINS Novell iPrint Client nipplib.dll ActiveX Control IppCreateServerRef Buffer Overflow | CVE-2008-2436 | Browsers | 4 |
| BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll ActiveX Control LaunchProcess Code Execution | CVE-2011-2657 | Browsers | 4 |
| BROWSER-PLUGINS Orbit Downloader URL Processing Stack Buffer Overflow | CVE-2008-1602 | Browsers | 4 |
| BROWSER-PLUGINS Samsung iPOLiS CVE-2014-3912 Device Manager FindConfigChildeKeyList Buffer Overflow II | CVE-2014-3912 | Browsers | 4 |
| BROWSER-PLUGINS Samsung iPOLiS CVE-2014-3912 Device Manager FindConfigChildeKeyList Buffer Overflow I | CVE-2014-0767 | Browsers | 4 |
| BROWSER-PLUGINS Symantec Products ActiveX Control NavComUI.dll Code Execution | CVE-2007-2955 | Browsers | 4 |
| BROWSER-PLUGINS Trend Micro OfficeScan objRemoveCtrl ActiveX Control Buffer Overflow | | Browsers | 4 |
| BROWSER-PLUGINS Unitronics VisiLogic OPLC IDE TeePreviewer ChartLink Memory Corruption | CVE-2015-6478 | Browsers | 4 |
| BROWSER-PLUGINS WinZip FileView ActiveX Control Unsafe Method Exposure | | Browsers | 4 |
| BROWSER-PLUGINS Yahoo Messenger AudioConf ActiveX Control Buffer Overflow | CVE-2007-1680 | Browsers | 4 |
| BROWSER-PLUGINS Yahoo! Music Jukebox ActiveX Control Buffer Overflow | | Browsers | 4 |
| BROWSER-PLUGINS Yahoo Toolbar CVE-2007-6535 YShortcut ActiveX clsid access Vulnerability | CVE-2007-6535 | Browsers | 4 |
| FILE-FLASH Adobe Flash Player Memory Corruption (Published Exploit) | CVE-2011-0609 | Multimedia | 4 |
| FILE-FLASH Adobe Flash Player OpenType Font Parsing Integer Overflow (Published Exploit) | CVE-2012-1535 | Multimedia | 4 |
| FILE-FLASH Adobe Flash Player Shader Memory Corruption (Published Exploit) | CVE-2014-0515 | Multimedia | 4 |
| FILE-IDENTIFY Microsoft Office Word File Download Request | | Application and Software | 4 |
| FILE-IDENTIFY OMRON CX-One CX-Programmer Program Use after Free | CVE-2019-6556 | Application and Software | 4 |
| FILE-IMAGE Adobe Acrobat ImageConversion JPEG Parsing Out-Of-Bounds Read | CVE-2018-12855 | Multimedia | 4 |
| FILE-IMAGE Adobe Photoshop CS4 ABR File Processing Buffer Overflow | CVE-2010-1296 | Multimedia | 4 |
| FILE-IMAGE GIMP XWD File Handling Stack Buffer Overflow | CVE-2012-5576 | Multimedia | 4 |
| FILE-IMAGE libpng png_decompress_chunk Integer Overflow | CVE-2011-3026 | Multimedia | 4 |
| FILE-IMAGE Microsoft Windows CVE-2014-0301 DirectShow JPEG Double Free | CVE-2014-0301 | Multimedia | 4 |
| FILE-JAVA IBM Java com.ibm.rmi.util.ProxyUtil Sandbox Breach | CVE-2012-4820 | Application and Software | 4 |
| FILE-JAVA IBM Java java.lang.ClassLoader.defineClass Sandbox Breach | CVE-2012-4823 | Application and Software | 4 |
| FILE-JAVA Sun Java Web Start JNLP java-vm-args Heap Buffer Overflow | CVE-2008-3111 | Application and Software | 4 |
| FILE-JAVA Sun Java Web Start JNLP vm args Stack Overflow | CVE-2008-3111 | Application and Software | 4 |
| FILE-MULTIMEDIA Adobe Acrobat CVE-2017-11249 ImageConversion EMF Parsing Out-Of-Bounds Read | CVE-2017-11249 | Multimedia | 4 |
| FILE-MULTIMEDIA Adobe Acrobat ImageConversion EMF EmfPlus Heap-based Buffer Overflow | CVE-2017-16416 | Multimedia | 4 |
| FILE-MULTIMEDIA Adobe Acrobat ImageConversion EMF Integer Overflow | CVE-2017-11308 | Multimedia | 4 |
| FILE-MULTIMEDIA Adobe Acrobat ImageConversion EMF Parsing Integer Overflow | CVE-2017-11227 | Multimedia | 4 |
| FILE-MULTIMEDIA Apple QuickTime and iTunes Heap Memory Corruption (HTTP QuickTime MOV File Transfer) | CVE-2005-4092 | Multimedia | 4 |
| FILE-MULTIMEDIA Apple QuickTime and iTunes Heap Memory Corruption | CVE-2005-4092 | Multimedia | 4 |
| FILE-MULTIMEDIA Apple QuickTime FPX File Requested | | Multimedia | 4 |
| FILE-MULTIMEDIA Apple QuickTime Image Description Atom Sign Extension Memory Corruption | CVE-2009-0955 | Multimedia | 4 |
| FILE-MULTIMEDIA Apple QuickTime Image Descriptor Atom Parsing Memory Corruption | CVE-2008-0033 | Multimedia | 4 |
| FILE-MULTIMEDIA Apple QuickTime MOV File String Handling Integer Overflow | CVE-2005-2753 | Multimedia | 4 |
| FILE-MULTIMEDIA Apple QuickTime Obji Atom Parsing Stack Buffer Overflow | CVE-2008-1022 | Multimedia | 4 |
| FILE-MULTIMEDIA Apple QuickTime Panorama Sample Atoms Movie File Handling Buffer Overflow | CVE-2007-4675 | Multimedia | 4 |
| FILE-MULTIMEDIA Apple QuickTime PICT File Processing Memory | CVE-2012-0671 | Multimedia | 4 |