Rule Update

18-050 (September 11, 2018)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1005140* - Print Spooler Service Format String Vulnerability (CVE-2012-1851)
1004696* - SMB Request Parsing Vulnerability (CVE-2011-1267)


DCERPC Services - Client
1004821* - Active Accessibility Insecure Library Loading Vulnerability (CVE-2011-1247)
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
1004924* - Color Control Panel Insecure Library Loading Vulnerability Over Network Share (CVE-2010-5082)
1004700* - DFS Memory Corruption Vulnerability (CVE-2011-1868)
1004762* - Data Access Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1975)
1005261* - Foxit Reader Arbitrary DLL Injection Code Execution Vulnerability Over Network Share
1004926* - Indeo Codec Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3138)
1004878* - Internet Explorer Insecure Library Loading Vulnerability Over Network Share (CVE-2011-2019)
1004946* - Microsoft Expression Design Insecure Library Loading Vulnerability Over Network Share (CVE-2012-0016)
1005050* - Microsoft Lync Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1849)
1004730* - Microsoft Visio Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3148)
1005080* - Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1854)
1005281* - Microsoft Windows Briefcase Integer Overflow Vulnerability Over Network Share (CVE-2012-1528)
1005280* - Microsoft Windows Briefcase Integer Underflow Vulnerability Over Network Share (CVE-2012-1527)
1004697* - OLE Automation Underflow Vulnerability (CVE-2011-0658)
1004897* - Object Packager Insecure Executable Launching Vulnerability Over Network Share (CVE-2012-0009)
1004741* - Oracle Java JRE Insecure Executable Loading Vulnerability Over Network Share
1004877* - PowerPoint Insecure Library Loading Vulnerability Over Network Share (CVE-2011-3396)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
1005139* - Remote Administration Protocol Denial Of Service Vulnerability (CVE-2012-1850)
1005142* - Remote Administration Protocol Stack Overflow Vulnerability
1004692* - SMB Response Parsing Vulnerability (CVE-2011-1268)
1004775* - Telnet Handler Remote Code Execution Vulnerability Over Network Share (CVE-2011-1961)
1005081* - Vulnerability In Windows Shell Could Allow Remote Code Execution (CVE-2012-0175)
1004797* - Windows Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1991)
1004843* - Windows Mail Insecure Library Loading Vulnerability Over Network Share (CVE-2011-2016)


Database IBM DB2
1003956* - IBM DB2 kuddb2 DoS


EMC Data Protector Advisor
1008814 - EMC Data Protection Advisor Application Service Static Credentials Authentication Bypass Vulnerability (CVE-2017-8013)


RTMP Client
1005000* - Adobe Flash Player Object Confusion Vulnerability (CVE-2012-0779)
1005456* - Adobe Flash Player Remote Arbitrary Code Execution Vulnerability (CVE-2013-2555)


Remote Desktop Protocol Server
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)
1005138* - Remote Desktop Protocol Vulnerability (CVE-2012-2526)


Suspicious Client Ransomware Activity
1007706* - Ransomware Network Traffic - 3


Symantec Alert Management System
1003488* - Multiple Symantec Products Intel Common Base Agent Remote Command Execution Vulnerability


Web Application Common
1009272 - Ghostscript '.rsdparams' Type Confusion Vulnerability (CVE-2017-8291) - 1


Web Application PHP Based
1006432* - WordPress Slider Revolution Responsive/Showbiz Pro Responsive Teaser Multiple Security Bypass Vulnerabilities (CVE-2014-9735)


Web Client Common
1009271 - Ghostscript '.rsdparams' Type Confusion Vulnerability (CVE-2017-8291)
1009280 - Microsoft Windows Kernel Information Disclosure Vulnerability (CVE-2018-8442)
1009279 - Microsoft Windows MSXML Remote Code Execution Vulnerability (CVE-2018-8420)
1009290 - Microsoft Windows Multiple Security Vulnerabilities (Sep-2018)
1009293 - Microsoft Windows Remote Code Execution Vulnerability (CVE-2018-8475)
1009270* - Microsoft Windows Task Scheduler ALPC Privilege Escalation Vulnerability (CVE-2018-8440)


Web Client Internet Explorer/Edge
1009276 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8367)
1009277 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8391)
1009287 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8466)
1009288 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8467)
1009286 - Microsoft Edge PDF Remote Code Execution Vulnerability (CVE-2018-8464)
1009283 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8456)
1009284 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8459)
1009281 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8447)
1009285 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8461)
1009289 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2018-8470)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
