*** NetKeeper 8.550 Release ***

Total number of signatures: 3066

Signature update 8.550 is for NetKeeper series devices.
NK6000 (NK6105, NK6210C/F/G)
NK3500 (NK3520, NK3550)
NK5500
NK5900
NK7210

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Different from the version 8.548 ***

Modify 12 Rules:
--------------------------------------------------------------------
1056247 SHELLCODE NOP Sled
1130566 SMB PsEXEc Activity
1133585 FILE Microsoft Windows PDF Library CVE-2017-0023 Information Disclosure (CVE-2017-0023)
1133467 WEB Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection -1.u
1133579 WEB ASUS Multiple Routers WAN Settings Remote Command Injection
1133746 DB Oracle MySQL sql_authentication Integer Overflow -1 (CVE-2017-3599)
1054837 WEB Remote File Inclusion /etc/passwd
1055170 EXPLOIT Generic Arbitrary Command Execution -1
1055164 EXPLOIT Remote Command Execution via Perl -1
1059803 RDP Brute Force Login
1056153 WEB SQL injection select from attempt -3.u
1068616 MEDIA Tudou media via TCP -5

Add 45 Rules:
--------------------------------------------------------------------
1133800 WEB Easy File Sharing HTTP Server 7.2 POST Buffer Overflow (EDB-42186)
1133747 FILE Adobe Acrobat ImageConversion PCX Parsing Out-Of-Bounds Write (CVE-2017-3036)
1133759 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -2 (CVE-2017-0059)
1133774 FILE Microsoft LNK Remote Code Execution Vulnerability (CVE-2017-8464)
1133775 WEB-CLIENT Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8496)
1133776 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8524)
1133777 WEB-CLIENT Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8497)
1133778 FILE Adobe Flash Player Memory Corruption (CVE-2017-3078)
1133779 FILE Adobe Flash Use After Free (CVE-2017-3084)
1133780 FILE Adobe Flash Use After Free (CVE-2017-3083)
1133781 FILE Adobe Flash Player Memory Corruption (CVE-2017-3079)
1133782 FILE Adobe Flash Player Memory Corruption (CVE-2017-3082)
1133783 FILE Adobe Flash Use After Free (CVE-2017-3081)
1133801 WEB-CLIENT Microsoft Internet Explorer JoinToString Type Confusion -1 (CVE-2017-0130)
1133803 WEB-CLIENT Microsoft Internet Explorer JoinToString Type Confusion -2 (CVE-2017-0130)
1133806 SMB Microsoft Windows SMB Server SMBv1 CVE-2017-0143 Memory Corruption (CVE-2017-0143)
1133812 SMB Microsoft Windows SMB Server SMBv1 CVE-2017-0144 Memory Corruption (CVE-2017-0144)
1133752 WEB Oracle Fusion Middleware MapViewer FileUploaderServlet fileName Directory Traversal (CVE-2017-3230)
1133785 WEB Joomla! 3.7.0 com_fields SQL Injection -1 (CVE-2017-8917)
1133787 WEB Joomla! 3.7.0 com_fields SQL Injection -2 (CVE-2017-8917)
1133788 WEB Joomla! 3.7.0 com_fields SQL Injection -3 (CVE-2017-8917)
1133789 RMI VMware vSphere Data Protection Java Deserialization (CVE-2017-4914)
1133790 EXPLOIT HP OfficeJet Pro 8210 Remote Code Execution (CVE-2017-2741)
1133791 SSL OpenSSL Encrypt-Then-Mac Renegotiation Denial of Service (CVE-2017-3733)
1133792 WEB Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection -1.b
1133793 WEB-CLIENT Mozilla Firefox createImageBitmap Integer Overflow -1 (CVE-2017-5428)
1133794 WEB-CLIENT Mozilla Firefox createImageBitmap Integer Overflow -2 (CVE-2017-5428)
1133795 WEB-CLIENT Mozilla Firefox createImageBitmap Integer Overflow -3 (CVE-2017-5428)
1133797 DB Oracle MySQL sql_authentication Integer Overflow -2 (CVE-2017-3599)
1133798 WEB-CLIENT Mozilla Firefox http-index-format File Out-Of-Bounds Read (CVE-2017-5444)
1133802 WEB Netgear NETGEAR DGN2200 dnslookup.cgi Remote Command Injection (CVE-2017-6334)
1133805 LDAP OpenLDAP ldapsearch pagesize Double Free Denial of Service (CVE-2017-9287)
1133808 FILE VideoLan VLC Media Player ParseJSS Heap Buffer Overflow (CVE-2017-8311)
1133799 WEB-CLIENT Mozilla Firefox SVG Animation Use After Free (CVE-2016-9079)
1133807 FILE Vim modelines Remote Command Execution -3 (CVE-2016-1248)
1133786 SCADA Multiple Siemens SIPROTEC Products EN100 Module CVE-2015-5374 Denial of Service (CVE-2015-5374)
1133765 SCADA WellinTech Kingview SCADA HistoryServer.exe Opcode 3 Heap Buffer Overflow -2 (CVE-2011-4536)
1133770 SCADA Citect Multiple Products ODBC Stack Buffer Overflow -2 (CVE-2008-2639)
1133771 SCADA Citect Multiple Products ODBC Stack Buffer Overflow -3 (CVE-2008-2639)
1133772 SCADA Citect Multiple Products ODBC Stack Buffer Overflow -4 (CVE-2008-2639)
1133773 SCADA Citect Multiple Products ODBC Stack Buffer Overflow -5 (CVE-2008-2639)
1160438 FILE Dropbox transfer via SSL -1
1160439 MEDIA Tudou media via TCP -6
1160440 MEDIA Tudou access via SSL -1
1160441 MEDIA Periscope access via SSL -4

Delete 41 Rules:
--------------------------------------------------------------------
1133387 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability -2 (CVE-2016-7287)
1133418 FILE Adobe Reader DC JPEG2000 CVE-2016-7854 Out-of-Bounds Read (CVE-2016-7854)
1133427 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability -2 (CVE-2016-7242)
1133429 WEB-CLIENT Microsoft Microsoft Edge Remote Code Execution Vulnerability -2 (CVE-2016-7241)
1133433 FILE Microsoft Windows OpenType Font Memory Corruption (CVE-2016-7256)
1133422 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 85 (Ransomware Attack Vector)
1133423 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 86 (Ransomware Attack Vector)
1133424 WEB-CLIENT Suspicious HTML Iframe Tag -20 (Ransomware Attack Vector)
1133754 NTP Network Time Protocol Daemon peer_xmit mode Denial of Service (CVE-2017-6464)
1133405 DNS ISC BIND DNAME Response Processing Denial of Service (CVE-2016-8864)
1133409 EXPLOIT Memcached process_bin_sasl_auth Integer Underflow -1 (CVE-2016-8706)
1133410 EXPLOIT Memcached process_bin_update body_len Integer Overflow -1 (CVE-2016-8705)
1133411 EXPLOIT Memcached process_bin_update body_len Integer Overflow -2 (CVE-2016-8705)
1133412 EXPLOIT Memcached process_bin_update body_len Integer Overflow -3 (CVE-2016-8705)
1133413 EXPLOIT Memcached process_bin_update body_len Integer Overflow -4 (CVE-2016-8705)
1133414 EXPLOIT Memcached process_bin_update body_len Integer Overflow -5 (CVE-2016-8705)
1133415 EXPLOIT Memcached process_bin_update body_len Integer Overflow -6 (CVE-2016-8705)
1133416 EXPLOIT Memcached process_bin_append_prepend Integer Overflow -1 (CVE-2016-8704)
1133417 EXPLOIT Memcached process_bin_append_prepend Integer Overflow -2 (CVE-2016-8704)
1133419 WEB Netgear R7000 Command Injection -1.2 (CVE-2016-6277)
1133420 SSH OpenSSH kex_input_kexinit Denial of Service (CVE-2016-8858)
1133426 WEB Trend Micro Smart Protection Server ccca_ajaxhandler.php Command Injection -2 (CVE-2016-6266)
1133428 NTP Network Time Protocol Daemon read_mru_list Denial of Service -1 (CVE-2016-7434)
1133430 NTP Network Time Protocol Daemon read_mru_list Denial of Service -2 (CVE-2016-7434)
1133431 NTP Network Time Protocol Daemon read_mru_list Denial of Service -3 (CVE-2016-7434)
1133435 WEB Trend Micro Smart Protection Server ccca_ajaxhandler.php Command Injection -1 (CVE-2016-6266)
1133439 EXPLOIT Vim modelines Remote Command Execution -1 (CVE-2016-1248)
1133440 EXPLOIT Vim modelines Remote Command Execution -2 (CVE-2016-1248)
1133442 WEB-CLIENT Microsoft IE MIME Header Attachment Execution Vulnerability -1 (CVE-2001-0154)
1133443 WEB-CLIENT Microsoft IE MIME Header Attachment Execution Vulnerability -2 (CVE-2001-0154)
1133444 WEB-CLIENT Microsoft IE MIME Header Attachment Execution Vulnerability -3 (CVE-2001-0154)
1133445 WEB-CLIENT Microsoft IE MIME Header Attachment Execution Vulnerability -4 (CVE-2001-0154)
1133446 WEB-CLIENT Microsoft IE MIME Header Attachment Execution Vulnerability -5 (CVE-2001-0154)
1133434 EXPLOIT Microsoft RDP Client for Mac Remote Code Execution
1059076 EXPLOIT Wireshark wiretap mpeg.c Stack Buffer Overflow
1059143 WEB LifeSize UVC Authenticated RCE via Ping (EDB-32437)
1059405 WEB Fritz Box Webcam Unauthenticated Command Injection (BID-65520)
1059414 WEB Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution (ZDI-14-069)
1059415 WEB eScan Web Management Console Command Injection
1059523 SCADA Yokogawa CS3000 BKESimmgr.exe Buffer Overflow (CVE-2014-0782)
1059566 WEB Symantec Workspace Streaming Arbitrary File Upload -1 (CVE-2014-1649)