Header Only - DO NOT REMOVE - Extreme Networks

New Dragon IPS signatures released.


Userlevel 2
The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:



EDGE:CHAKRA-SCRIPT-CORRUPT10

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8505

REFERENCE: CVE

CVE-2018-8505





IE:MEMORY-CORRUPTION-RCE-341

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when a Microsoft browser improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8460

REFERENCE: CVE

CVE-2018-8460





IE:MEMORY-CORRUPTION-RCE-342

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when a Microsoft browser improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8491

REFERENCE: CVE

CVE-2018-8491





MS:JET-DATABASE-ENGINE-RCE-3

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: There is a vulnerability in the Microsoft JET Database Engine that may lead to remote code execution. An attacker who successfully exploited this vulnerability could take control of an affected system. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8423

REFERENCE: CVE

CVE-2018-8423





MS:THEME-API-RCE

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when the Windows Theme API does not properly decompress files. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability. This signature looks for the downloading of a malicious themepack file to the client system.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8413

REFERENCE: CVE

CVE-2018-8413





WINDOWS:SHELL-RCE

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when Windows Shell improperly handles URLs. An attacker who exploited this vulnerability could gain the same user rights as the current user. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8495

REFERENCE: CVE

CVE-2018-8495

0 replies

Be the first to reply!

Reply