End of Service Products

New Dragon IPS signatures released.

  • 1.  New Dragon IPS signatures released.

    Posted 10-10-2018 09:18
    The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:



    EDGE:CHAKRA-SCRIPT-CORRUPT10

    UPDATE-TYPE: New Signature

    CLASSIFICATION: BETA

    DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.

    REFERENCE: URLREF

    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8505

    REFERENCE: CVE

    CVE-2018-8505





    IE:MEMORY-CORRUPTION-RCE-341

    UPDATE-TYPE: New Signature

    CLASSIFICATION: BETA

    DESCRIPTION: A remote code execution vulnerability exists when a Microsoft browser improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.

    REFERENCE: URLREF

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8460

    REFERENCE: CVE

    CVE-2018-8460





    IE:MEMORY-CORRUPTION-RCE-342

    UPDATE-TYPE: New Signature

    CLASSIFICATION: BETA

    DESCRIPTION: A remote code execution vulnerability exists when a Microsoft browser improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.

    REFERENCE: URLREF

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8491

    REFERENCE: CVE

    CVE-2018-8491





    MS:JET-DATABASE-ENGINE-RCE-3

    UPDATE-TYPE: New Signature

    CLASSIFICATION: BETA

    DESCRIPTION: There is a vulnerability in the Microsoft JET Database Engine that may lead to remote code execution. An attacker who successfully exploited this vulnerability could take control of an affected system. Microsoft has released a patch for this vulnerability.

    REFERENCE: URLREF

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8423

    REFERENCE: CVE

    CVE-2018-8423





    MS:THEME-API-RCE

    UPDATE-TYPE: New Signature

    CLASSIFICATION: BETA

    DESCRIPTION: A remote code execution vulnerability exists when the Windows Theme API does not properly decompress files. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability. This signature looks for the downloading of a malicious themepack file to the client system.

    REFERENCE: URLREF

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8413

    REFERENCE: CVE

    CVE-2018-8413





    WINDOWS:SHELL-RCE

    UPDATE-TYPE: New Signature

    CLASSIFICATION: BETA

    DESCRIPTION: A remote code execution vulnerability exists when Windows Shell improperly handles URLs. An attacker who exploited this vulnerability could gain the same user rights as the current user. Microsoft has released a patch for this vulnerability.

    REFERENCE: URLREF

    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8495

    REFERENCE: CVE

    CVE-2018-8495