*** EX RELS 03372 Release ***

Total number of signatures: 6009

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 10 rule(s):
---------------
1134491 WEB Electron setAsDefaultProtocolClient Command Injection -1 (CVE-2018-1000006)
1134534 WEB-CLIENT Microsoft Edge COptionsCollectionCacheItem Out of Bounds Read -3 (CVE-2017-8734)
1134535 WEB-CLIENT Microsoft Edge Chakra AsmJSByteCodeGenerator EmitCall Type Confusion -3 (CVE-2018-0780)
1134536 WEB Jenkins Plugin Resources Directory Traversal (CVE-2018-6356)
1160871 UPDATE McAfee access via SSL -1
1160884 UPDATE Jiangmin access via TCP -1
1160891 UPDATE Sophos access via SSL -1
1160892 UPDATE Panda access via TCP -1
1160895 VOIP LINE access via SSL -10
1160896 UPDATE Rising access via TCP -1

Modified 9 rule(s):
---------------
1060268 UPDATE NOD32 transfer via TCP -1
1064107 UPDATE BitDefender transfer via TCP -1
1069353 IM WhatsApp login via TCP -3
1080021 SG - TUNNEL ExpressVPN access via UDP
1133981 FILE Microsoft Office Composite Moniker Code Execution -1 (CVE-2017-8570)
1134002 FILE Microsoft .NET Framework Remote Code Execution (CVE-2017-8759)
1134017 WEB Apache Tomcat HTTP PUT Windows Remote Code Execution -1 (CVE-2017-12615)
1134020 WEB Apache HTTP OPTIONS Memory Leak (CVE-2017-9798)
1160114 MEDIA Pandora access via SSL -1

Deleted 39 rule(s):
---------------
1052613 GAME Cga.com access via TCP -1 (old rule)
1054114 WEB-IM imo.im login via SSL -1 (old rule)
1054905 EXPLOIT HP Data Protector Client EXEC_CMD Command Execution -1 (CVE-2011-0923) (old rule)
1054906 EXPLOIT HP Data Protector Backup Client Service GET_FILE Buffer Overflow (CVE-2011-1729) (old rule)
1054994 EXPLOIT HP Data Protector Manager RDS DoS (CVE-2011-0514) (old rule)
1055057 EXPLOIT Microsoft Windows Insecure Library Loading (CVE-2011-1991) (old rule)
1055061 WEB Oracle Secure Backup Administration Server validate_login Command Injection -1 (CVE-2011-2261) (old rule)
1055146 SIP Digium Asterisk SIP Channel Driver Denial Of Service -1 (CVE-2011-4063) (old rule)
1055454 NETBIOS Samba smbd Packets Chaining AndX Offset Infinite Loop -1 (CVE-2012-0870) (old rule)
1055482 WEB LANDesk Lenovo ThinkManagement Console Remote Command Execution -1 (CVE-2012-1195) (old rule)
1055483 WEB IBM IBM Tivoli Provisioning Manager Express User.updateUserValue SQL Injection -1 (CVE-2012-0199) (old rule)
1055510 EXPLOIT Microsoft .NET Framework Heap Buffer Overflow -1 (CVE-2012-0163) (old rule)
1055521 NETBIOS Microsoft Windows Object Packager Insecure Executable Loading (CVE-2012-0009) (old rule)
1055526 EXPLOIT Microsoft .NET Framework Heap Corruption -1 (CVE-2012-0015) (old rule)
1055771 SSL GnuTLS libtasn1 ASN1 Length DER Decoding Buffer Overflow -2 (CVE-2012-1569) (old rule)
1056045 DB IBM solidDB Redundant WHERE Clause Denial Of Service -2 (CVE-2012-0200) (old rule)
1056084 DB Oracle Database TNS Listener Service Registration Lack of Authentication (CVE-2012-1675) (old rule)
1056098 SNMP RealNetworks Helix Server SNMP Master Agent Open-PDU Processing Denial of Service (CVE-2012-1923) (old rule)
1056101 EXPLOIT GIMP script-fu Server Buffer Overflow -1 (CVE-2012-2763) (old rule)
1056122 SIP Digium Asterisk Skinny Channel NULL-Pointer Dereference (CVE-2012-2948) (old rule)
1056150 EXPLOIT Microsoft Lync Insecure Library Loading -2 (CVE-2012-1849) (old rule)
1056219 FILE Apple iTunes m3u Playlist Multiple Buffer Overflows -1 (CVE-2012-0677) (old rule)
1056230 SMB Microsoft Windows Shell File Name Code Execution-1 (CVE-2012-0175) (old rule)
1056546 EXPLOIT EMC AutoStart ftAgent.exe Multiple Integer Overflow Vulnerabilities -1 (CVE-2012-0409) (old rule)
1056598 RPC EMC NetWorker nsrd Format String Remote Code Execution -1 (CVE-2012-2288) (old rule)
1056599 RPC EMC NetWorker nsrd Stack Buffer Overflow (CVE-2012-2288) (old rule)
1063150 GAME Cga.com login via TCP -1 (old rule)
1063168 WEB-IM imo.im access via TCP -1 (old rule)
1063195 GAME Cga.com login via TCP -2 (old rule)
1063591 GAME Cga.com login via TCP -3 (old rule)
1063801 MAIL Aikq access via SSL -1 (old rule)
1063802 MAIL Arcor login via SSL -1 (old rule)
1063803 MAIL Bluewin login via SSL -1 (old rule)
1063804 MAIL Directbox login via SSL -1 (old rule)
1063805 MAIL Freenet login via SSL -1 (old rule)
1063806 MAIL Smart login via SSL -1 (old rule)
1063807 MAIL WEB.DE login via SSL -1 (old rule)
1063808 MAIL Webmail.de login via TCP -1 (old rule)
1063885 MAIL Nate login via TCP -1 (old rule)