TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 14, 2017

2017-08-18T12:00:42
ID TRENDMICROBLOG:3BC4D55C7B197F32FEF9A2D171ACD8AB
Type trendmicroblog
Reporter Elisa Lippincott (TippingPoint Global Product Marketing)
Modified 2017-08-18T12:00:42

Description

One of my favorite movies is the 1999 comedy “Galaxy Quest,” which features the cast of a science-fiction television series similar to Star Trek. In the movie, the crew is visited by real aliens who ask them for help against an intergalactic adversary because they believe that Galaxy Quest is a documentary of “historical documents,” not a TV show. There’s a scene in the movie where someone presses the button that destroys the ship. The crew makes it to the center of the ship, where they can stop the process, but the stop button doesn’t work. The countdown to destruction continues, but when the clock hits one second, it stops. Why? Because on a TV show, the clock always stops at one second before total destruction.

Sometimes, we can’t control the script of our real-life security world, and the clock doesn’t stop at one second. Yesterday, the Zero Day Initiative (ZDI) published two zero-day advisories for vulnerabilities in Foxit Reader, per the guidelines outlined in the ZDI disclosure policy. The two advisories, ZDI-17-691 and ZDI-17-692, describe vulnerabilities that allow remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. For a more detailed analysis of the Foxit Reader vulnerabilities, you can read the ZDI blog post: Busting Myths in Foxit Reader.

Adobe Security Update

This week’s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before August 8, 2017. The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an (*) shipped prior to this week’s DV package, providing zero-day protection for our customers. You can get more detailed information on this month’s security updates from Dustin Childs’ August 2017 Security Update Review from the Zero Day Initiative:

Bulletin # | CVE # | Digital Vaccine Filter # | Status
---|---|---|---
APSB17-23 | CVE-2017-3085 | | Local Only
APSB17-23 | CVE-2017-3106 | 29353 |
APSB17-24 | CVE-2017-3113 | 26537 |
APSB17-24 | CVE-2017-3115 | 27233 |
APSB17-24 | CVE-2017-3116 | 29354 |
APSB17-24 | CVE-2017-3117 | | Vendor Deemed Reproducibility or Exploitation Unlikely
APSB17-24 | CVE-2017-3118 | 29358 |
APSB17-24 | CVE-2017-3119 | 29359 |
APSB17-24 | CVE-2017-3120 | 27751 |
APSB17-24 | CVE-2017-3121 | 27948 |
APSB17-24 | CVE-2017-3122 | 28005 |
APSB17-24 | CVE-2017-3123 | 28032 |
APSB17-24 | CVE-2017-3124 | 28034 |
APSB17-24 | CVE-2017-11209 | 28035 |
APSB17-24 | CVE-2017-11210 | 28092 |
APSB17-24 | CVE-2017-11211 | 28218 |
APSB17-24 | CVE-2017-11212 | 28100 |
APSB17-24 | CVE-2017-11214 | 28216 |
APSB17-24 | CVE-2017-11216 | 27821 |
APSB17-24 | CVE-2017-11217 | 27812 |
APSB17-24 | CVE-2017-11218 | 27753 |
APSB17-24 | CVE-2017-11219 | 27820 |
APSB17-24 | CVE-2017-11220 | 29360 |
APSB17-24 | CVE-2017-11221 | 29413 |
APSB17-24 | CVE-2017-11222 | 29352 |
APSB17-24 | CVE-2017-11223 | 28202 |
APSB17-24 | CVE-2017-11224 | 28202 |
APSB17-24 | CVE-2017-11226 | 29349 |
APSB17-24 | CVE-2017-11227 | 28473 |
APSB17-24 | CVE-2017-11228 | 28475 |
APSB17-24 | CVE-2017-11229 | 29361 |
APSB17-24 | CVE-2017-11230 | 28476 |
APSB17-24 | CVE-2017-11231 | 28478 |
APSB17-24 | CVE-2017-11232 | 28479 |
APSB17-24 | CVE-2017-11233 | 28481 |
APSB17-24 | CVE-2017-11234 | 28543 |
APSB17-24 | CVE-2017-11235 | 29362 |
APSB17-24 | CVE-2017-11236 | 29363 |
APSB17-24 | CVE-2017-11237 | 29370 |
APSB17-24 | CVE-2017-11238 | 29371 |
APSB17-24 | CVE-2017-11239 | 28544 |
APSB17-24 | CVE-2017-11241 | 28547 |
APSB17-24 | CVE-2017-11242 | 28480, 28548 |
APSB17-24 | CVE-2017-11243 | 28663 |
APSB17-24 | CVE-2017-11244 | 28664 |
APSB17-24 | CVE-2017-11245 | 28666 |
APSB17-24 | CVE-2017-11246 | 29414 |
APSB17-24 | CVE-2017-11248 | 28463 |
APSB17-24 | CVE-2017-11249 | 28464 |
APSB17-24 | CVE-2017-11251 | 29418 |
APSB17-24 | CVE-2017-11252 | 28477 |
APSB17-24 | CVE-2017-11254 | 29350 |
APSB17-24 | CVE-2017-11255 | 28741 |
APSB17-24 | CVE-2017-11256 | 28735 |
APSB17-24 | CVE-2017-11257 | 28734 |
APSB17-24 | CVE-2017-11258 | 28732 |
APSB17-24 | CVE-2017-11259 | 28733 |
APSB17-24 | CVE-2017-11260 | 28731 |
APSB17-24 | CVE-2017-11261 | 28730 |
APSB17-24 | CVE-2017-11262 | 29355 |
APSB17-24 | CVE-2017-11263 | 29369 |
APSB17-24 | CVE-2017-11265 | *28916 |
APSB17-24 | CVE-2017-11267 | 29364 |
APSB17-24 | CVE-2017-11268 | 29365 |
APSB17-24 | CVE-2017-11269 | 29366 |
APSB17-24 | CVE-2017-11270 | 29367 |
APSB17-24 | CVE-2017-11271 | 29368 |

TippingPoint Operating System (TOS) v3.9.2 Release

Earlier this week, we issued maintenance release version 3.9.2 build 4784 of the TippingPoint Operating System (TOS) for the N/NX Platform family. For the complete list of enhancements and changes, please refer to the product Release Notes located on the Threat Management Center (TMC) Web site at <https://tmc.tippingpoint.com>. Customers with questions or in need of technical assistance can contact the TippingPoint Technical Assistance Center (TAC).

Zero-Day Filters

There are 14 new zero-day filters covering two vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (11)

  • 29362: HTTP: Adobe Acrobat Pro DC ImageConversion JPEG Use-After-Free Vulnerability (ZDI-17-590)
  • 29363: HTTP: Adobe Acrobat Pro DC Forms Information Disclosure Vulnerability (ZDI-17-591)
  • 29364: HTTP: Adobe Acrobat Pro DC ImageConversion Memory Corruption Vulnerability (ZDI-17-621)
  • 29365: HTTP: Adobe Acrobat Pro DC ImageConversion Information Disclosure Vulnerability (ZDI-17-622)
  • 29366: HTTP: Adobe Acrobat Pro DC ImageConversion Information Disclosure Vulnerability (ZDI-17-623)
  • 29367: HTTP: Adobe Acrobat Pro DC ImageConversion Information Disclosure Vulnerability (ZDI-17-625)
  • 29368: HTTP: Adobe Acrobat Pro DC ImageConversion Memory Corruption Vulnerability (ZDI-17-629)
  • 29370: HTTP: Adobe Acrobat Pro DC Font Parsing Information Disclosure Vulnerability (ZDI-17-592)
  • 29371: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Information Disclosure Vulnerability (ZDI-17-593)
  • 29414: HTTP: Adobe Acrobat Pro ImageConversion JPEG Information Disclosure Vulnerability (ZDI-17-603)
  • 29418: HTTP: Adobe Acrobat Pro DC JPEG2000 Memory Corruption Vulnerability (ZDI-17-609)

Trend Micro (3)

  • 29333: HTTPS: Trend Micro SafeSync for Enterprise replace_local_disk Command Injection (ZDI-17-119)
  • 29337: HTTP: Trend Micro SafeSync for Enterprise dead_local_disk Command Injection (ZDI-17-118)
  • 29338: HTTPS: Trend Micro SafeSync for Enterprise dead_local_disk Command Injection (ZDI-17-118)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.