End of Service Products

New Dragon IPS signatures release June 12 2019

  • 1.  New Dragon IPS signatures release June 12 2019

    Posted 06-12-2019 11:54
    The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:

    EDGE:CHAKRA-SCRIPT-CORRUPT-18
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0992
    REFERENCE: CVE
    CVE-2019-0992


    EDGE:CHAKRA-SCRIPT-CORRUPT-19
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0993
    REFERENCE: CVE
    CVE-2019-0993


    EDGE:CHAKRA-SCRIPT-CORRUPT-20
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1002
    REFERENCE: CVE
    CVE-2019-1002


    EDGE:CHAKRA-SCRIPT-CORRUPT-21
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1003
    REFERENCE: CVE
    CVE-2019-1003


    EDGE:CHAKRA-SCRIPT-CORRUPT-22
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1024
    REFERENCE: CVE
    CVE-2019-1024


    EDGE:CHAKRA-SCRIPT-CORRUPT-23
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1051
    REFERENCE: CVE
    CVE-2019-1051


    EDGE:CHAKRA-SCRIPT-CORRUPT-24
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1052
    REFERENCE: CVE
    CVE-2019-1052


    EDGE:INFO-DISCLOSURE14
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: An information disclosure vulnerability exists when a Microsoft browser incorrectly handles objects in memory. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0990
    REFERENCE: CVE
    CVE-2019-0990


    EDGE:INFO-DISCLOSURE15
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1023
    REFERENCE: CVE
    CVE-2019-1023


    EDGE:SCRIPT-ENG-MEM-CORRUPT-114
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0989
    REFERENCE: CVE
    CVE-2019-0989


    EDGE:SCRIPT-ENG-MEM-CORRUPT-115
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0991
    REFERENCE: CVE
    CVE-2019-0991


    IE:SCRIPTING-ENGINE-RCE-66
    UPDATE-TYPE: Modified Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0752
    REFERENCE: CVE
    CVE-2019-0752


    IE:SCRIPTING-ENGINE-RCE-71
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0988
    REFERENCE: CVE
    CVE-2019-0988


    IE:SCRIPTING-ENGINE-RCE-72
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1005
    REFERENCE: CVE
    CVE-2019-1005


    IE:SCRIPTING-ENGINE-RCE-73
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0920
    REFERENCE: CVE
    CVE-2019-0920


    IE:SCRIPTING-ENGINE-RCE-74
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1055
    REFERENCE: CVE
    CVE-2019-1055


    MS:RDP-EXPLOIT-ATTEMPT5
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability. The vulnerability affects Windows 7 and Windows Server 2008. An exploit PoC exists for this vulnerability, with the potential to be wormable.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
    REFERENCE: CVE
    CVE-2019-0708


    MS:SPEECHAPI-RCE
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. This signature requires the HTTP:PDF-FILE-DOWNLOAD signature to be enabled to work. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0985
    REFERENCE: CVE
    CVE-2019-0985