*** EX RELS 03323 Release ***

Total number of signatures: 6030

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 18 rule(s):
---------------
1054713 NETBIOS Microsoft Windows SMB Negotiate Request Remote code execution (CVE-2009-3103)
1057303 RPC Microsoft Windows Print Spooler Service Arbitrary File Upload -2 (CVE-2010-2729)
1133590 WEB-CLIENT Microsoft Internet Explorer and Edge Blocksite.htm Spoofing -1.1 (CVE-2017-0033)
1133592 FILE Microsoft Graphics Device Interface CVE-2017-0038 Information Disclosure -1 (CVE-2017-0038)
1133616 WEB-CLIENT Microsoft Edge CVE-2017-0065 Information Disclosure (CVE-2017-0065)
1133617 WEB Trend Micro SafeSync for Enterprise deviceTool.pm get_device_info SQL Injection -1 (ZDI-17-128)
1133624 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.1 (ZDI-17-116)
1133626 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.2 (ZDI-17-116)
1133628 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.3 (ZDI-17-116)
1133631 WEB Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution (CVE-2016-7547)
1133632 EXPLOIT Possible ECLIPSEDWING (MS08-067)
1133633 EXPLOIT Microsoft Windows Kerberos KDC Privilege Escalation -1 (CVE-2014-6324)
1133634 EXPLOIT Microsoft Windows Kerberos KDC Privilege Escalation -2 (CVE-2014-6324)
1133635 SMB Microsoft MS17-010 SMB Remote Code Excution -1
1133636 SMB Microsoft MS17-010 SMB Remote Code Excution -2
1133637 SMB Microsoft MS17-010 SMB Remote Code Excution -3
1133638 SMB Microsoft MS17-010 SMB Remote Code Excution -4
1133639 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.4 (ZDI-17-116)

Modified 11 rule(s):
---------------
1054841 WEB SQL injection attempt -7
1131155 WEB-CLIENT WScript.Shell Remote Code Execution -3
1131578 WEB ManageEngine EventLog Analyzer Remote Code Execution -1.a (CVE-2015-7387)
1132387 WEB-CLIENT Suspicious HTML Div Tag -1
1132388 WEB-CLIENT Suspicious HTML Div Tag -2 (Ransomware Attack Vector)
1133042 WEB WordPress Admin API Directory Traversal -1 (CVE-2016-6896)
1133389 WEB Netgear WNR2000v5 Remote Code Execution Vulnerability
1133449 SMB Microsoft SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability (CVE-2017-0016)
1133506 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0141)
1133516 WEB Dell SonicWALL GMS-Analyzer license.jsp Information Disclosure
1133594 FILE Microsoft Office/WordPad Remote Code Execution Vulnerability (CVE-2017-0199)

Deleted 31 rule(s):
---------------
1054200 WEB HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow -1 (CVE-2011-3167) (old rule)
1054318 EXPLOIT Microsoft Windows Mail and Meeting Space Insecure Library Loading - http (CVE-2011-2016) (old rule)
1054336 RDP Microsoft Remote Desktop Connection Insecure Library Loading - http (CVE-2011-0029) (old rule)
1054430 WEB HP OpenView Network Node Manager jovgraph.exe displayWidth Buffer Overflow -1 (CVE-2011-0261) (old rule)
1054471 EXPLOIT HP OpenView Network nnmRptConfig.exe nameParams text1 Buffer Overflow (CVE-2011-0268) (old rule)
1054476 EXPLOIT HP OpenView NNM schdParams and nameParams buffer overflow (CVE-2011-0267) (old rule)
1054478 LDAP IBM Lotus Domino LDAP Bind Request integer overflow -1 (CVE-2011-0917) (old rule)
1054479 EXPLOIT Microsoft Windows BROWSER ELECTION Buffer Overflow -2 (CVE-2011-0654) (old rule)
1054489 SMTP Multiple Products STARTTLS Plaintext Command Injection (CVE-2011-0411) (old rule)
1054629 WEB Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow -1 (CVE-2010-3552) (Ransomware Attack Vector) (old rule)
1054875 WEB-CLIENT Microsoft Internet Explorer Redirect Memory Corruption (CVE-2011-1262) (old rule)
1054935 EXPLOIT HP OpenView Storage Data Protector EXEC_CMD Buffer Overflow -1 (CVE-2011-1866) (old rule)
1054949 WEB Oracle Warehouse Builder WB_OLAP_AW_SET_SOLVE_ID SQL Injection -1 (CVE-2011-0799) (old rule)
1054963 WEB Apache HTTP Server Byte-Range DoS (CVE-2011-3192) (old rule)
1055155 WEB Microsoft Forefront Unified Access Gateway NULL Session Cookie Denial of Service (CVE-2011-2012) (old rule)
1055157 WEB Symantec IM Manager Web Interface ProcessAction Code Execution (CVE-2011-0554) (old rule)
1055179 WEB Apache mod_proxy Reverse Proxy Exposure Vulnerability -1 (CVE-2011-3368) (old rule)
1055201 WEB-CLIENT Mozilla Firefox and Thunderbird sensor.dll Insecure Library Loading (CVE-2011-2980) (old rule)
1055210 WEB Microsoft ASP.NET Forms Authentication Elevation of Privilege (CVE-2011-3416) (old rule)
1055225 WEB Microsoft Forefront UAG Default Reflected Cross-site Scripting (CVE-2011-1897) (old rule)
1055233 DNS ISC BIND CNAME RRSIG Query With RPZ Denial of Service (CVE-2011-2465) (old rule)
1055288 RPC Novell Netware XNFS.NLM Caller Name xdrDecodeString Heap Buffer Overflow -1 (CVE-2011-4191) (old rule)
1055389 EXPLOIT HP Data Protector Client EXEC_CMD Command Execution -2 (CVE-2011-0923) (old rule)
1055452 EXPLOIT libpng png_decompress_chunk Integer Overflow -1 (CVE-2011-3026) (old rule)
1055535 WEB Novell iManager Create Attribute EnteredAttrName Buffer Overflow (CVE-2011-4188) (old rule)
1056178 WEB-CLIENT Mozilla Firefox and Thunderbird sensor.dll Insecure Library Loading (CVE-2011-2980) (old rule)
1056195 EXPLOIT NetSupport Manager Client Buffer Overflow -2 (CVE-2011-0404) (old rule)
1056198 EXPLOIT HP OpenView Storage Data Protector EXEC_CMD Buffer Overflow -2 (CVE-2011-1866) (old rule)
1056487 WEB InduSoft Web Studio Unauthenticated Insecure Remote Operations -2 (CVE-2011-4051) (old rule)
1056580 EXPLOIT Novell ZENworks Handheld Management Access Point ZfHIPCND.exe Buffer Overflow (CVE-2011-0742) (old rule)
1056671 WEB HP Data Protector Multiple Flaws Let Remote Users Execute Arbitrary Code (CVE-2011-3162) (old rule)