Rule Update
15-010 (March 24, 2015)
Publish date: March 25, 2015
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DHCP Server
1001840* - Restrict DHCP Option Length
Database MySQL
1006262 - MySQL yaSSL Pre-authentication Code Execution Vulnerability
Microsoft Office
1004266* - Identified Suspicious Microsoft Office Document
1006322* - Microsoft Office Bad Index Remote Code Execution Vulnerability (CVE-2014-6334)
1004848* - Microsoft Office Excel Data Initialization Vulnerability (CVE-2011-0105)
1005747* - Microsoft Silverlight Invalid Typecast Memory Disclosure Vulnerability
1006583 - Microsoft Silverlight Invalid Typecast Memory Disclosure Vulnerability (CVE-2013-0074)
NTP Server Linux
1006435* - Network Time Protocol configure() and ctl_putdata() Stack Based Buffer Overflow Vulnerability
OpenSSL
1006541* - Openssl DTLS 'dtls1_buffer_record' Memory Exhaustion Denial Of Service Vulnerability (CVE-2015-0206)
OpenSSL Client
1006546* - OpenSSL ECDHE Downgrade Vulnerability (CVE-2014-3572)
Solr Service
1006448 - Apache Solr SolrResourceLoader Directory Traversal Vulnerability
Web Application PHP Based
1006559* - PHPMoAdmin Unauthorized Remote Code Execution Vulnerability
Web Client Common
1006533* - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-0311) - 1
1006286* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2014-0556)
1006521* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-0327)
1006595 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-0338)
1006352* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0576)
1006451* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-8438)
1006515* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0318)
1006594 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0337)
1006593 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0339)
1006596 - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0332)
1006588 - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0335)
1006589 - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0336)
1006584 - Adobe Flash Player Remote Memory Corruption Vulnerability (CVE-2013-0634) -1
1006592 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-0340)
1006597 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-0334)
1006591 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-0341)
1006590 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-0342)
1004866* - Adobe Flex SDK Cross Site Scripting Vulnerability (CVE-2011-2461)
1006551* - Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0091)
1006553* - Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0092)
1006587 - Adobe Reader And Acrobat U3D File Invalid Array Index Remote Vulnerability (CVE-2009-2990)
1004552* - Adobe TIFF File Vulnerability - 3
1006442* - Identified Suspicious Obfuscated JavaScript - 2
1006599 - Identified Suspicious Obfuscated JavaScript – 3
1005170* - Java Applet Remote Code Execution Vulnerability
1006545 - Microsoft Office CGM Image Converter Buffer Overflow Vulnerability
1006598 - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over WebDav (CVE-2015-0096)
1004226* - Microsoft Windows Help Centre Malformed Escape Sequences Vulnerability
1006582 - Microsoft Windows Help Centre Malformed Escape Sequences Vulnerability (CVE-2010-1885)
1006577* - Microsoft Windows Text Service Remote Code Execution Vulnerability (CVE-2015-0081)
1006536 - Oracle Java SE Hotspot Object Arbitrary Code Execution Vulnerability (CVE-2015-0395)
1006585 - Oracle Java SE Remote Java Runtime Environment Vulnerability (CVE-2012-0507) -1
1004867* - Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
1005924* - Restrict Download Of EICAR Test File Over HTTP
Web Client Internet Explorer
1006603 - Microsoft Internet Explorer CSS Parsing Remote Code Execution (CVE-2010-3971)
1006564* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0099)
1006570* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0100)
1006565* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1622)
1005908* - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-0322)
1005911* - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-0322) - 3
1006557 - Microsoft Windows Task Scheduler Remote Buffer Overflow Vulnerability
1006324* - Windows OLE Automation Array Remote Code Execution Vulnerability (CVE-2014-6332)
Web Client SSL
1005040* - Identified Revoked Certificate Authority In SSL Traffic
Web Server Apache
1006027* - Apache HTTP Server Denial Of Service Vulnerability (CVE-2014-0098)
Web Server Common
1005434* - Disallow Upload Of A File (Php/Class/Archive)
Windows Services RPC Client
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)
1006558 - Microsoft Windows Task Scheduler Remote Buffer Overflow Vulnerability - 1
Windows Services RPC Server
1006579 - Microsoft Windows NETLOGON Spoofing Vulnerability (CVE-2015-0005)
Integrity Monitoring Rules:
1003019* - Trend Micro Deep Security Agent
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.