
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 16, 2017

2017-10-20 13:29:23
Elisa Lippincott (TippingPoint Global Product Marketing)
blog.trendmicro.com

Various forms of fuzzing techniques that search for vulnerabilities in software programs have been around for several decades, but it can be a tedious task, especially when looking at an entire enterprise application. Earlier this week, Zero Day Initiative (ZDI) vulnerability researcher Abdul-Aziz Hariri published a blog detailing how to fuzz the image conversion feature of Foxit Reader without fuzzing the entire application. He goes into detail on why fuzzing components of an application separately is definitely a time saver, and how it can make case analysis easier to manage. The techniques covered can be applied to other software as well. In fact, ZDI researchers have implemented something similar for the Windows PDF Library that helps the team analyze cases faster, rather than going through Microsoft Edge. For a detailed analysis and demo on how this works, you can read the blog here.

Adobe Security Update

This week’s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before October 17, 2017. The following table maps Digital Vaccine filters to the Adobe updates. You can get more detailed information on this month’s security updates from Dustin Childs’ October 2017 Security Update Review from the Zero Day Initiative:

| Bulletin # | CVE # | Digital Vaccine Filter # | Status |
|---|---|---|---|
| APSB17-32 | CVE-2017-11292 | 29771 | |

Microsoft Update

This week’s Digital Vaccine® (DV) package also includes additional coverage for Microsoft updates released on or before October 10, 2017.

| CVE # | Digital Vaccine Filter # | Status |
|---|---|---|
| CVE-2017-11826 | 29766 | |

Zero-Day Filters

There are 11 new zero-day filters covering eight vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Adobe (2)

  • 29742: ZDI-CAN-5074: Zero Day Initiative Vulnerability (Adobe Flash)
  • 29743: ZDI-CAN-5075: Zero Day Initiative Vulnerability (Adobe Flash)

Advantech (1)

  • 29711: HTTP: Advantech WebAccess rmTemplate.aspx SQL Injection Vulnerability (ZDI-17-712)

EMC (1)

  • 29736: HTTP: EMC Data Protection Advisor ScheduledReportResource preScript Parameter Usage (ZDI-17-812)

Hewlett Packard Enterprise (3)

  • 27705: HTTP: HPE Application Performance Management System Health Authentication Bypass (ZDI-17-722)
  • 29748: TCP: HPE Intelligent Management Center imcwlandm SSID Buffer Overflow Vulnerability (ZDI-17-316)
  • 29749: TCP: HPE Intelligent Management Center imcwlandm UserName Buffer Overflow Vulnerability (ZDI-17-317)

Microsoft (1)

  • 29744: ZDI-CAN-5077: Zero Day Initiative Vulnerability (Microsoft Edge)

Netgear (1)

  • 29751: ZDI-CAN-5083: Zero Day Initiative Vulnerability (NETGEAR Nighthawk)

Trend Micro (1)

  • 29700: HTTP: Trend Micro Mobile Security Enterprise URI SQL Injection (ZDI-17-787,788,792-794,800-806)

Wecon (1)

  • 29752: ZDI-CAN-5085: Zero Day Initiative Vulnerability (WECON LeviStudio)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.