*** NK8 RELS 3352 Release ***

Total number of signatures: 3225

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 27 rule(s):
---------------
1134166 MALWARE BADRABBIT SMB Activity -2
1134193 SMB Microsoft Windows SMB Server SMBv1 Information Disclosure (CVE-2017-11815)
1134196 FILE Microsoft Windows ATMFD.dll Information Disclosure Vulnerability -1 (CVE-2017-0192)
1134197 FILE Microsoft Windows ATMFD.dll Information Disclosure Vulnerability -2 (CVE-2017-0192)
1134198 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194)
1134199 WEB-CLIENT Microsoft Internet Explorer Scripting Engine Remote Memory Corruption (CVE-2017-0201)
1134200 WEB-CLIENT Microsoft Edge Remote Memory Corruption Vulnerability (CVE-2017-0205)
1134201 WEB-CLIENT Microsoft Edge DoLoopBodyStart Out of Bounds Read -1 (CVE-2017-11811)
1134202 WEB-CLIENT Microsoft Edge DoLoopBodyStart Out of Bounds Read -2 (CVE-2017-11811)
1134203 WEB WordPress WP Mobile Detector 3.5 Shell Upload -1.1 (EDB-39891)
1134204 EXPLOIT OpenVPN Server and Client mss_fixup_ipv6 Denial of Service (CVE-2017-7508)
1134205 WEB WordPress WP Mobile Detector 3.5 Shell Upload -1.2 (EDB-39891)
1134206 DNS Dnsmasq Lack of Free Denial of Service -1.2 (CVE-2017-14495)
1134207 WEB-CLIENT Microsoft Edge Chakra ParseCatch Type Confusion (CVE-2017-11764)
1134208 EXPLOIT Elastic Elasticsearch ThrowableObjectInputStream Insecure Deserialization (CVE-2015-5377)
1134209 WEB Masscan Scanner Activity
1134210 WEB Sysscan Scanner Activity
1134211 WEB-CLIENT Microsoft Edge Remote Memory Corruption Vulnerability (CVE-2017-0234)
1134212 FILE Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0243)
1134213 FILE Microsoft Windows Kernel Win32k.sys Privilege Escalation Vulnerability (CVE-2017-0246)
1134214 FILE Microsoft Malware Protection Engine Remote Code Execution (CVE-2017-0290)
1134215 FILE Ni LabVIEW Memory Corruption Vulnerability (CVE-2017-2775)
1134216 RPC Oracle Solaris RPC CVE-2017-3623 Heap Buffer Overflow -6 (CVE-2017-3623)
1134217 WEB-CLIENT Flexense DiskPulse Client Import Stack Buffer Overflow -1
1134218 DNS Dnsmasq 2-byte Heap-Based Overflow -1.2 (CVE-2017-14491)
1134219 WEB-CLIENT Flexense DiskPulse Client Import Stack Buffer Overflow -2
1134220 FILE Microsoft Office OLE2Link Remote Code Execution -2 (CVE-2017-0199)

Modified 10 rule(s):
---------------
1052009 CA Google Authentication via SSL -1
1063209 P2P eDonkey-eMule access via TCP -2
1068170 P2P eDonkey-eMule access via TCP -3
1133594 FILE Microsoft Office OLE2Link Remote Code Execution -1 (CVE-2017-0199)
1133898 RPC Oracle Solaris RPC CVE-2017-3623 Heap Buffer Overflow -5 (CVE-2017-3623)
1134057 WEB Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution
1134067 DNS Dnsmasq 2-byte Heap-Based Overflow -1.1 (CVE-2017-14491)
1134071 DNS Dnsmasq Lack of Free Denial of Service -1.1 (CVE-2017-14495)
1134180 WEB phpMyAdmin setup.php PHP Code Injection (CVE-2009-1151)
1160085 TERMINAL GoToAssist access via SSL -1

Deleted 25 rule(s):
---------------
1130244 WEB NetBSD tnftp fetch.c fetch_url Command Execution -1 (CVE-2014-8517) (old rule)
1130256 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -1 (CVE-2014-8966) (old rule)
1130257 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6327) (old rule)
1130260 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6376) (old rule)
1130262 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6375) (old rule)
1130263 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6329) (old rule)
1130264 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6330) (old rule)
1130266 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6374) (old rule)
1130268 WEB-CLIENT Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2014-6368) (old rule)
1130270 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6369) (old rule)
1130305 WEB-ACTIVEX PTC IsoView ActiveX Control ViewPort Heap Buffer Overflow (CVE-2014-9267) (old rule)
1130306 WEB ActualAnalyzer ant Cookie Command Execution (OSVDB-110601) (old rule)
1130310 NTP Network Time Protocol daemon Multiple Vulnerabilities -1 (CVE-2014-9295) (old rule)
1130311 FILE Adobe Flash Player CVE-2014-8439 Write-What-Where -1 (CVE-2014-8439) (old rule)
1130316 EXPLOIT QEMU vnc set_pixel_format bits_per_pixel Null Pointer Dereference (CVE-2014-7815) (old rule)
1130318 FTP i-FTP Schedule Buffer Overflow (OSVDB-114279) (old rule)
1130321 WEB ManageEngine NetFlow Analyzer And IT360 Multiple Directory Traversal -1 (old rule)
1130322 WEB ManageEngine NetFlow Analyzer And IT360 Multiple Directory Traversal -2 (old rule)
1130323 SYSLOG RSYSLOG PRI Value Parsing Integer Overflow Denial of Service -1 (CVE-2014-3683) (old rule)
1130327 EXPLOIT ASUSWRT 3.0.0.4.376_1071 LAN Backdoor Command Execution (CVE-2014-9583) (old rule)
1130332 WEB Lexmark MarkVision Enterprise GfdFileUploadServlet Directory Traversal -1 (CVE-2014-8741) (old rule)
1130333 WEB Lexmark MarkVision Enterprise GfdFileUploadServlet Directory Traversal -2 (CVE-2014-8741) (old rule)
1130334 FILE Adobe Flash Player Sandbox Escape improper file validation (CVE-2015-0301) (old rule)
1130348 TELNET Microsoft Windows Telnet Service Buffer Overflow -1 (CVE-2015-0014) (old rule)
1130349 TELNET Microsoft Windows Telnet Service Buffer Overflow -2 (CVE-2015-0014) (old rule)