{"id":7905,"date":"2017-06-10T10:00:18","date_gmt":"2017-06-10T18:00:18","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/06\/10\/news-1686\/"},"modified":"2017-06-10T10:00:18","modified_gmt":"2017-06-10T18:00:18","slug":"news-1686","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/06\/10\/news-1686\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of June 5, 2017"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 09 Jun 2017 12:00:05 +0000<\/strong><\/p>\n

\"\"<\/p>\n

This week marked the first time an airline misplaced my bags for a significant period of time. Inclement weather forced me to not only change my flight, but also change airlines. Unfortunately, my luggage didn\u2019t get the memo. I dealt with two airlines to find my bags, and I eventually received my bags over 60 hours later. As Geoffrey Chaucer wrote in The Canterbury Tales<\/em>, \u201cFor better than never is late; never to succeed would be too long a period.\u201d<\/p>\n

 <\/p>\n

It\u2019s better late than never if you haven\u2019t had the chance to read one of the latest white papers from the Zero Day Initiative. Their paper, \u201cTransforming Open Source to Open Access in Closed Applications,\u201d<\/a> sheds light on both old and new vulnerabilities found in Adobe Reader\u2019s XSLT engine, including several that needed to be patched more than once. It focuses on techniques for auditing the source code of Sablotron to find corresponding bugs in Adobe Reader. The paper also presents a new source-to-binary matching technique to help researchers pinpoint the vulnerable conditions within Sablotron that also reside in the assembly of Reader. You will also see real-world application of these techniques demonstrated in the paper through a series of code execution vulnerabilities discovered in Adobe Reader\u2019s codebase.<\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are 16 new zero-day filters covering three vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website.<\/p>\n

Adobe (11)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28463: ZDI-CAN-4763: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28464: ZDI-CAN-4764: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28473: ZDI-CAN-4765: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28474: ZDI-CAN-4766: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28475: ZDI-CAN-4817: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28476: ZDI-CAN-4818: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28477: ZDI-CAN-4819: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28478: ZDI-CAN-4820: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28479: ZDI-CAN-4821: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28480: ZDI-CAN-4822: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28481: ZDI-CAN-4823: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Trend Micro (4)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28299: ZDI-CAN-4685: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28459: HTTPS: Trend Micro InterScan Web Security ReportHandler DoCmd Command Injection (ZDI-17-206)<\/li>\n
  • 28462: ZDI-CAN-4690: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28467: HTTPS: Trend Micro InterScan Web Security doPostMountDevice Command Injection (ZDI-17-209)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

VIPA (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28398: TPKT: VIPA Controls WinPLC7 recv Buffer Overflow Vulnerability (ZDI-17-112)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 09 Jun 2017 12:00:05 +0000<\/strong><\/p>\n

\"\"This week marked the first time an airline misplaced my bags for a significant period of time. Inclement weather forced me to not only change my flight, but also change airlines. Unfortunately, my luggage didn\u2019t get the memo. I dealt with two airlines to find my bags, and I eventually received my bags over 60…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-7905","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7905","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7905"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7905\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7905"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7905"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7905"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}