New Dragon Signature release 1/9/2019

  • 9 January 2019

The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:

EDGE:CHAKRA-SCRIPT12
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0539
REFERENCE: CVE
CVE-2019-0539


EDGE:CHAKRA-SCRIPT13
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0567
REFERENCE: CVE
CVE-2019-0567


EDGE:MEMORY-CORRUPTION-RCE-58
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0565
REFERENCE: CVE
CVE-2019-0565


EDGE:PRIVILEGE-ESCALATION
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object. An attacker who successfully exploited the vulnerability could use the Browser Broker COM object to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0566
REFERENCE: CVE
CVE-2019-0566


EDGE:SCRIPT-ENG-MEM-CORRUPT-96
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0568
REFERENCE: CVE
CVE-2019-0568


IE:MSHTML-REMOTE-CODE
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541
REFERENCE: CVE
CVE-2019-0541
