TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 27, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 31 Mar 2017 12:00:49 +0000

The world lost a funny, talented and wonderful soul late last week. I only knew him for a year, but Raimund Genes made those of us who came to Trend Micro via the TippingPoint acquisition feel right at home. I appreciated his candor, his love of life and his creative cocktails. He was a tremendous part of the Trend Micro family and he will be sorely missed. I offer my sincerest condolences to his family. Rest in peace, my friend.

 

DVToolkit CSW File Available for Microsoft IIS ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)

Earlier this week, TippingPoint released DVToolkit CSW file CVE-2017-7269.csw. This filter detects attempts to exploit a buffer overflow vulnerability in Microsoft Internet Information Services (IIS). The specific flaw is due to how the ScStoragePathFromUrl function handles an overly long IF header. A successful attack could result in arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. This CSW filter will be replaced by DV mainline filter 27643.
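As an added illustration of the detection idea behind this filter (example code, not TippingPoint's filter logic), the script below parses raw HTTP requests and flags any whose IF header exceeds a length threshold; the threshold value and the sample requests are constructed assumptions.

```python
"""Flag HTTP requests that carry an oversized IF header.

Added example, not TippingPoint's filter logic. CVE-2017-7269 is reached
through an overly long IF header handled by ScStoragePathFromUrl, so an
unusually long IF header is the observable a defender can alert on.
MAX_IF_HEADER_LEN is an assumed threshold; tune it to your environment.
"""
from typing import Optional

MAX_IF_HEADER_LEN = 1024  # assumed threshold, not a value from the advisory


def parse_request(raw: bytes) -> tuple[str, dict[str, str]]:
    """Split a raw HTTP request into (method, headers); header names lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, headers


def check_if_header(raw: bytes, limit: int = MAX_IF_HEADER_LEN) -> Optional[str]:
    """Return an alert string if the IF header is longer than limit, else None."""
    method, headers = parse_request(raw)
    value = headers.get("if")
    if value is None or len(value) <= limit:
        return None
    return f"oversized IF header ({len(value)} bytes) on {method} request"


# Constructed sample traffic: a normal WebDAV lock-conditional request and
# one with an IF header far beyond the threshold (filler bytes, not a payload).
BENIGN_REQUEST = (
    b"PROPFIND /docs/ HTTP/1.1\r\nHost: example.test\r\n"
    b"If: (<opaquelocktoken:constructed-token>)\r\nDepth: 1\r\n\r\n"
)
SUSPICIOUS_REQUEST = (
    b"PROPFIND / HTTP/1.1\r\nHost: example.test\r\n"
    b"If: " + b"x" * 2000 + b"\r\n\r\n"
)

if __name__ == "__main__":
    for req in (BENIGN_REQUEST, SUSPICIOUS_REQUEST):
        print(check_if_header(req) or "ok")
```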

Common Vulnerabilities and Exposures

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7269

Discoverer Advisory

https://github.com/edwardz246003/IIS_exploit

For the latest DVToolkit filters, customers can visit the Threat Management Center (TMC) website at https://tmc.tippingpoint.com and navigate to Releases > CSW Files. For questions or technical assistance, customers can contact the Trend Micro TippingPoint Technical Assistance Center (TAC). 

Zero-Day Filters

There are 11 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (1)

  • 27557: ZDI-CAN-4433: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) 

Google (1)

  • 27551: ZDI-CAN-4429: Zero Day Initiative Vulnerability (Google Chrome)

Hewlett Packard Enterprise (1)

  • 27547: ZDI-CAN-4425: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management) 

Trend Micro (8)

  • 27318: HTTPS: Trend Micro Control Manager dlp_policy.php Directory Traversal (ZDI-17-070 – 072)
  • 27411: HTTPS: Trend Micro SafeSync storage.pm device_id role Command Injection (ZDI-17-122 – 124)
  • 27494: HTTPS: Trend Micro Control Manager modDLPViolationCnt_drildown Directory Traversal (ZDI-17-067 – 069)
  • 27506: HTTPS: Trend Micro Control Manager download Directory Traversal Vulnerability (ZDI-17-061 – 062)
  • 27513: ZDI-CAN-4411: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise)
  • 27515: HTTPS: Trend Micro Control Manager modDLPTemplateMatch_drildown Directory Traversal (ZDI-17-064 – 066)
  • 27544: HTTPS: Trend Micro SafeSync for Enterprise discovery_iscsi_device Command Injection (ZDI-17-116)
  • 27546: HTTPS: Trend Micro SafeSync for Enterprise restartService Command Injection (ZDI-17-130)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

http://feeds.trendmicro.com/TrendMicroSimplySecurity