New Dragon IPS signatures released.

  • 0
  • 2
  • Article
  • Updated 1 week ago

The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:

 

EDGE:CHAKRA-SCRIPT-CORRUPT10

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8505

REFERENCE: CVE

CVE-2018-8505

 

 

IE:MEMORY-CORRUPTION-RCE-341

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when a Microsoft browser improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8460

REFERENCE: CVE

CVE-2018-8460

 

 

IE:MEMORY-CORRUPTION-RCE-342

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when a Microsoft browser improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8491

REFERENCE: CVE

CVE-2018-8491

 

 

MS:JET-DATABASE-ENGINE-RCE-3

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: There is a vulnerability in the Microsoft JET Database Engine that may lead to remote code execution. An attacker who successfully exploited this vulnerability could take control of an affected system. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8423

REFERENCE: CVE

CVE-2018-8423

 

 

MS:THEME-API-RCE

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when the Windows Theme API does not properly decompress files. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability. This signature looks for the downloading of a malicious themepack file to the client system.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8413

REFERENCE: CVE

CVE-2018-8413

 

 

WINDOWS:SHELL-RCE

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when Windows Shell improperly handles URLs. An attacker who exploited this vulnerability could gain the same user rights as the current user. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8495

REFERENCE: CVE

CVE-2018-8495






Photo of Dudley, Jeff

Dudley, Jeff, Employee

  • 994 Points 500 badge 2x thumb

Posted 1 week ago

  • 0
  • 2

Be the first to post a reply!