{"id":7185,"date":"2017-03-31T05:00:07","date_gmt":"2017-03-31T13:00:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/31\/news-976\/"},"modified":"2017-03-31T05:00:07","modified_gmt":"2017-03-31T13:00:07","slug":"news-976","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/03\/31\/news-976\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of March 27, 2017"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 31 Mar 2017 12:00:49 +0000<\/strong><\/p>\n

\"\"<\/p>\n

The world lost a funny, talented and wonderful soul late last week. I only knew him for a year, but Raimund Genes<\/a> made those of us who came to Trend Micro via the TippingPoint acquisition feel right at home. I appreciated his candor, his love of life and his creative cocktails. He was a tremendous part of the Trend Micro family and he will be sorely missed. I offer my sincerest condolences to his family. Rest in peace, my friend.<\/p>\n

 <\/p>\n

DVToolkit CSW File Available for Microsoft IIS ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)<\/strong><\/p>\n

Earlier this week, TippingPoint released DVToolkit CSW file CVE-2017-7269.csw. This filter detects a buffer overflow vulnerability in Microsoft Internet Information Services (IIS). The specific flaw is due to how the ScStoragePathFromUrl function handles an overly long IF header. A successful attack could result in arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. This CSW filter will be replaced by DV mainline filter 27643.<\/p>\n

Common Vulnerabilities and Exposures<\/p>\n

http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-7269<\/a><\/p>\n

Discoverer Advisory<\/p>\n

https:\/\/github.com\/edwardz246003\/IIS_exploit<\/a><\/p>\n

For the latest DVToolkit filters, customers can visit the Threat Management Center (TMC) website at https:\/\/tmc.tippingpoint.com<\/a> and navigate to Releases > CSW Files. For questions or technical assistance, customers can contact the Trend Micro TippingPoint Technical Assistance Center (TAC).\u00a0<\/strong><\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are 11 new zero-day filters covering four vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website.<\/p>\n

Adobe (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 27557: ZDI-CAN-4433: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Google (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 27551: ZDI-CAN-4429: Zero Day Initiative Vulnerability (Google Chrome)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Hewlett Packard Enterprise (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 27547: ZDI-CAN-4425: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Trend Micro (8)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 27318: HTTPS: Trend Micro Control Manager dlp_policy.php Directory Traversal (ZDI-17-070 – 072)<\/li>\n
  • 27411: HTTPS: Trend Micro SafeSync storage.pm device_id role Command Injection (ZDI-17-122 – 124)<\/li>\n
  • 27494: HTTPS: Trend Micro Control Manager modDLPViolationCnt_drildown Directory Traversal (ZDI-17-067 – 069)<\/li>\n
  • 27506: HTTPS: Trend Micro Control Manager download Directory Traversal Vulnerability (ZDI-17-061 – 062)<\/li>\n
  • 27513: ZDI-CAN-4411: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise)<\/li>\n
  • 27515: HTTPS: Trend Micro Control Manager modDLPTemplateMatch_drildown Directory Traversal(ZDI-17-064 – 066)<\/li>\n
  • 27544: HTTPS: Trend Micro SafeSync for Enterprise discovery_iscsi_device Command Injection (ZDI-17-116)<\/li>\n
  • 27546: HTTPS: Trend Micro SafeSync for Enterprise restartService Command Injection (ZDI-17-130)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 31 Mar 2017 12:00:49 +0000<\/strong><\/p>\n

\"\"The world lost a funny, talented and wonderful soul late last week. I only knew him for a year, but Raimund Genes made those of us who came to Trend Micro via the TippingPoint acquisition feel right at home. I appreciated his candor, his love of life and his creative cocktails. He was a tremendous…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-7185","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7185","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7185"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7185\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7185"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7185"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}