End of Service Products

New Dragon IPS signatures release July 10 2019

  • 1.  New Dragon IPS signatures release July 10 2019

    Posted 07-10-2019 11:33
    The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:

    EDGE:CHAKRA-SCRIPT-CORRUPT-25
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1062
    REFERENCE: CVE
    CVE-2019-1062


    EDGE:CHAKRA-SCRIPT-CORRUPT-26
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1092
    REFERENCE: CVE
    CVE-2019-1092


    EDGE:CHAKRA-SCRIPT-CORRUPT-27
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1103
    REFERENCE: CVE
    CVE-2019-1103


    EDGE:CHAKRA-SCRIPT-CORRUPT-28
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1106
    REFERENCE: CVE
    CVE-2019-1106


    EDGE:CHAKRA-SCRIPT-CORRUPT-29
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1107
    REFERENCE: CVE
    CVE-2019-1107


    EXCEL:INFO-DISCLOSURE-3
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user's computer or data. Microsoft has released a patch for this vulnerability. This signature looks for attempts to try to deliver the Excel file to the client system.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1112
    REFERENCE: CVE
    CVE-2019-1112


    IE:MEMORY-CORRUPTION-RCE-347
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists when a Microsoft browser improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1104
    REFERENCE: CVE
    CVE-2019-1104


    IE:MEMORY-CORRUPTION-RCE-348
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1063
    REFERENCE: CVE
    CVE-2019-1063


    IE:SCRIPTING-ENGINE-RCE-75
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1001
    REFERENCE: CVE
    CVE-2019-1001


    IE:SCRIPTING-ENGINE-RCE-76
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1004
    REFERENCE: CVE
    CVE-2019-1004


    MS:RDP-CLIENT-INFO-DISCLOSURE
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1108
    REFERENCE: CVE
    CVE-2019-1108