Rule Update
15-026 (2015年8月11日)
2015年8月11日
概要
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Microsoft Office
1006624 - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1642)
1006936 - Microsoft Office Graphics Component Remote Code Execution Vulnerability (CVE-2015-2431)
1006940 - Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470)
1006937 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2467)
1006938 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2468)
1006939 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469)
1006941 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477)
1005158* - Restrict Microsoft Office Files With Embedded SWF - 2
OpenSSL
1006855* - OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
Oracle MySQL InnoDB Memcached Plugin
1005511* - Oracle MySQL Server InnoDB MemCached Remote Denial Of Service Vulnerability
Web Application PHP Based
1006817* - PHP 'phar_parse_tarfile' Memory Corruption Vulnerability
1006819* - PHP DateTime Use After Free Vulnerability (CVE-2015-0273)
1006821* - PHP DateTimeZone Type Confusion Information Disclosure Vulnerability
Web Client Common
1006824* - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1006858* - Adobe Flash ActionScript3 opaqueBackground Use After Free Vulnerability (CVE-2015-5122)
1006914* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3130)
1006915 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3134)
1006866* - Adobe Flash Player Multiple Use After Free Vulnerabilities
1006863* - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3119)
1006864* - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3121)
1006913* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3129)
1006919* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3132)
1006918* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4433)
1006943 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5117)
1006885 - Adobe Reader And Acrobat Information Disclosure Vulnerability (CVE-2014-8450)
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1006598* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over HTTP (CVE-2015-0096)
1006944 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432)
1006946 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458)
1006947 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006948 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460)
1006949 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461)
1006950 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2462)
1006955 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2435)
1006956 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455)
1006945 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456)
1006951 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2463)
1006952 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2464)
Web Client Internet Explorer
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006928 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2442)
1006929 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
1006930 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)
1006931 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446)
1006932 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448)
1006933 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2450)
1006934 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2451)
1006935 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2452)
Web Client Mozilla Firefox
1006954 - Mozilla Firefox PDF Viewer Same Origin Policy Information Disclosure Vulnerability (CVE-2015-4495)
Web Server Common
1000128* - HTTP Protocol Decoding
Web Server Miscellaneous
1004874* - TimThumb Plugin Remote Code Execution Vulnerability
Web Server RealVNC
1006884 - libvncserver Denial Of Service Vulnerability (CVE-2014-6054)
Windows Services RPC Server
1006906* - Identified Usage Of PsExec Command Line Tool
Integrity Monitoring Rules:
1006803 - TMTR-0001: Suspicious Files Detected In Operating System Directories
1006800 - TMTR-0002: Suspicious Files Detected In Operating System Directories
1006802 - TMTR-0003: Suspicious Files Detected In Operating System Directories
1006801 - TMTR-0004: Suspicious Files Detected In Operating System Directories
1006798 - TMTR-0005: Suspicious Files Detected In Application Directories
1006797 - TMTR-0006: Suspicious Files Detected In Application Directories
1006796 - TMTR-0007: Suspicious Files Detected In Application Directories
1006682* - TMTR-0008: Suspicious Files Detected In Application Directories
1006805 - TMTR-0009: Suspicious Files Detected In System Folder
1006804 - TMTR-0010: Suspicious Files Detected In System Folder
1006795 - TMTR-0011: Suspicious Files Detected In System Folder
1006658* - TMTR-0012: Suspicious Files Detected In Temporary Directories
1006677* - TMTR-0013: Suspicious Files Detected In Windows Folder
1006799 - TMTR-0014: Suspicious Service Detected
1006684* - TMTR-0015: Suspicious Service Detected
1006683* - TMTR-0016: Suspicious Running Processes Detected
1006691* - TMTR-0017: Microsoft Windows - SAM Domain Account Users Modification Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Microsoft Office
1006624 - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1642)
1006936 - Microsoft Office Graphics Component Remote Code Execution Vulnerability (CVE-2015-2431)
1006940 - Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470)
1006937 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2467)
1006938 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2468)
1006939 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469)
1006941 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477)
1005158* - Restrict Microsoft Office Files With Embedded SWF - 2
OpenSSL
1006855* - OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
Oracle MySQL InnoDB Memcached Plugin
1005511* - Oracle MySQL Server InnoDB MemCached Remote Denial Of Service Vulnerability
Web Application PHP Based
1006817* - PHP 'phar_parse_tarfile' Memory Corruption Vulnerability
1006819* - PHP DateTime Use After Free Vulnerability (CVE-2015-0273)
1006821* - PHP DateTimeZone Type Confusion Information Disclosure Vulnerability
Web Client Common
1006824* - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1006858* - Adobe Flash ActionScript3 opaqueBackground Use After Free Vulnerability (CVE-2015-5122)
1006914* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3130)
1006915 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3134)
1006866* - Adobe Flash Player Multiple Use After Free Vulnerabilities
1006863* - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3119)
1006864* - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3121)
1006913* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3129)
1006919* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3132)
1006918* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4433)
1006943 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5117)
1006885 - Adobe Reader And Acrobat Information Disclosure Vulnerability (CVE-2014-8450)
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1006598* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over HTTP (CVE-2015-0096)
1006944 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432)
1006946 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458)
1006947 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006948 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460)
1006949 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461)
1006950 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2462)
1006955 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2435)
1006956 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455)
1006945 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456)
1006951 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2463)
1006952 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2464)
Web Client Internet Explorer
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006928 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2442)
1006929 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
1006930 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)
1006931 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446)
1006932 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448)
1006933 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2450)
1006934 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2451)
1006935 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2452)
Web Client Mozilla Firefox
1006954 - Mozilla Firefox PDF Viewer Same Origin Policy Information Disclosure Vulnerability (CVE-2015-4495)
Web Server Common
1000128* - HTTP Protocol Decoding
Web Server Miscellaneous
1004874* - TimThumb Plugin Remote Code Execution Vulnerability
Web Server RealVNC
1006884 - libvncserver Denial Of Service Vulnerability (CVE-2014-6054)
Windows Services RPC Server
1006906* - Identified Usage Of PsExec Command Line Tool
Integrity Monitoring Rules:
1006803 - TMTR-0001: Suspicious Files Detected In Operating System Directories
1006800 - TMTR-0002: Suspicious Files Detected In Operating System Directories
1006802 - TMTR-0003: Suspicious Files Detected In Operating System Directories
1006801 - TMTR-0004: Suspicious Files Detected In Operating System Directories
1006798 - TMTR-0005: Suspicious Files Detected In Application Directories
1006797 - TMTR-0006: Suspicious Files Detected In Application Directories
1006796 - TMTR-0007: Suspicious Files Detected In Application Directories
1006682* - TMTR-0008: Suspicious Files Detected In Application Directories
1006805 - TMTR-0009: Suspicious Files Detected In System Folder
1006804 - TMTR-0010: Suspicious Files Detected In System Folder
1006795 - TMTR-0011: Suspicious Files Detected In System Folder
1006658* - TMTR-0012: Suspicious Files Detected In Temporary Directories
1006677* - TMTR-0013: Suspicious Files Detected In Windows Folder
1006799 - TMTR-0014: Suspicious Service Detected
1006684* - TMTR-0015: Suspicious Service Detected
1006683* - TMTR-0016: Suspicious Running Processes Detected
1006691* - TMTR-0017: Microsoft Windows - SAM Domain Account Users Modification Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.