TippingPoint Threat Intelligence and Zero-Day Coverage – Week of February 5, 2018
Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 09 Feb 2018 16:55:38 +0000
It was a busy week in the cyber security world, but it shouldn’t be surprising given that the 2018 Winter Olympics in Pyeongchang have begun. I shouldn’t blame just the Olympics, but it’s hard not to given the international focus, controversy around the ban of certain athletes and its proximity to a certain country. So let’s jump right in…
Adobe Flash Player
Earlier this week, Adobe released a critical security update for a pair of vulnerabilities in Flash Player, one of which has been actively exploited in phishing attacks attributed to North Korean APT actor Group 123. Both bugs are classified as use-after-free vulnerabilities that can result in remote code execution. The vulnerability that is being actively exploited (CVE-2018-4878) was found by Kr-CERT/CC, South Korea’s national computer emergency response team. The other vulnerability (CVE-2018-4877) came through our Zero Day Initiative via “bo13oy” of Qihoo 360’s Vulcan Team.
This week’s Digital Vaccine® (DV) package includes coverage for the Adobe Flash vulnerabilities. The following table maps Digital Vaccine filters to the Adobe updates:
| Bulletin # | CVE # | Digital Vaccine Filter # | Status |
|---|---|---|---|
| APSB18-03 | CVE-2018-4877 | 30346 | |
| APSB18-03 | CVE-2018-4878 | 30343 | |
WordPress “load-script” Usage Vulnerability
On Tuesday, we released DVToolkit CSW file CVE-2018-6389.csw for the WordPress “load-script” usage vulnerability. This filter detects usage of load-scripts.php in WordPress. load-scripts.php is a built-in WordPress script that processes user-defined requests. Due to insufficient validation, any user can send large numbers of requests for processing, which could exhaust system resources and result in a denial-of-service condition. User authentication is not required to exploit this vulnerability. Customers using TippingPoint solutions should note that the CSW filter will be obsoleted by DV filter 30356.
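As an added example (not part of the original post and not the TippingPoint filter itself), the following Python script applies the same detection idea to web server access logs: it parses combined-format log lines (an assumed format), singles out requests to WordPress's load-scripts.php, and flags clients that send many such requests or unusually long script lists. The sample log lines, client addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined access-log format (assumed); only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict with ip, script path and number of requested script handles, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["path"])
    rec["script"] = url.path
    # load[] carries the comma-separated list of script handles that load-scripts.php concatenates.
    rec["handles"] = sum(len(v.split(",")) for v in parse_qs(url.query).get("load[]", []))
    return rec


def flag_load_scripts_abuse(lines, max_requests=20, max_handles=40):
    """Per client IP, count load-scripts.php requests and track the largest handle list.

    Clients exceeding either constructed threshold are returned with their statistics.
    """
    per_ip = defaultdict(lambda: {"requests": 0, "max_handles": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["script"].endswith("/load-scripts.php"):
            continue
        stats = per_ip[rec["ip"]]
        stats["requests"] += 1
        stats["max_handles"] = max(stats["max_handles"], rec["handles"])
    return {ip: s for ip, s in per_ip.items()
            if s["requests"] > max_requests or s["max_handles"] > max_handles}


def build_sample_log():
    """Constructed sample: one legitimate admin page load, then a burst from a second client."""
    normal = [
        '203.0.113.7 - - [06/Feb/2018:10:00:01 +0000] "GET /wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate&ver=4.9.2 HTTP/1.1" 200 97521',
        '203.0.113.7 - - [06/Feb/2018:10:00:02 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 4120',
    ]
    handles = ",".join(f"script{i}" for i in range(60))  # placeholder handle names
    burst = [
        f'198.51.100.9 - - [06/Feb/2018:10:01:{i:02d} +0000] "GET /wp-admin/load-scripts.php?load%5B%5D={handles} HTTP/1.1" 200 2200000'
        for i in range(25)
    ]
    return normal + burst
```

Run `flag_load_scripts_abuse(build_sample_log())` to see only the bursting client reported; tune the thresholds against your own site's normal admin traffic before alerting on them.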
Cisco ASA WebVPN Host Scan Memory Corruption Vulnerability
We also released DVToolkit CSW file CVE-2018-0101.csw for the Cisco ASA WebVPN Host Scan Memory Corruption Vulnerability. This filter detects an attempt to exploit a memory corruption vulnerability in the Cisco Adaptive Security Appliance (ASA). The specific flaw is due to a failure to properly allocate memory when parsing the host-scan-reply tag. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. Authentication is not required to exploit this vulnerability. Customers using TippingPoint solutions should note that the CSW filter will be obsoleted by DV filter 30369.
Zero-Day Filters
There are 11 new zero-day filters covering five vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.
Foxit (6)
Hewlett Packard Enterprise (2)
Microsoft (1)
Quest (1)
Trend Micro (1)
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.