Home » Network » TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 27, 2017

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 27, 2017

Posted on:March 31, 2017
Posted in:Network, Security, Zero Day Initiative
Posted by:
Elisa Lippincott (TippingPoint Global Product Marketing)

The world lost a funny, talented and wonderful soul late last week. I only knew him for a year, but Raimund Genes made those of us who came to Trend Micro via the TippingPoint acquisition feel right at home. I appreciated his candor, his love of life and his creative cocktails. He was a tremendous part of the Trend Micro family and he will be sorely missed. I offer my sincerest condolences to his family. Rest in peace, my friend.

DVToolkit CSW File Available for Microsoft IIS ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)

Earlier this week, TippingPoint released DVToolkit CSW file CVE-2017-7269.csw. This filter detects a buffer overflow vulnerability in Microsoft Internet Information Services (IIS). The specific flaw is due to how the ScStoragePathFromUrl function handles an overly long IF header. A successful attack could result in arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. This CSW filter will be replaced by DV mainline filter 27643.

Common Vulnerabilities and Exposures

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7269

Discoverer Advisory

https://github.com/edwardz246003/IIS_exploit

For the latest DVToolkit filters, customers can visit the Threat Management Center (TMC) website at https://tmc.tippingpoint.com and navigate to Releases > CSW Files. For questions or technical assistance, customers can contact the Trend Micro TippingPoint Technical Assistance Center (TAC).

Zero-Day Filters

There are 11 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (1)

	27557: ZDI-CAN-4433: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)

Google (1)

	27551: ZDI-CAN-4429: Zero Day Initiative Vulnerability (Google Chrome)

Hewlett Packard Enterprise (1)

	27547: ZDI-CAN-4425: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)

Trend Micro (8)

27318: HTTPS: Trend Micro Control Manager dlp_policy.php Directory Traversal (ZDI-17-070 – 072)
27411: HTTPS: Trend Micro SafeSync storage.pm device_id role Command Injection (ZDI-17-122 – 124)
27494: HTTPS: Trend Micro Control Manager modDLPViolationCnt_drildown Directory Traversal (ZDI-17-067 – 069)
27506: HTTPS: Trend Micro Control Manager download Directory Traversal Vulnerability (ZDI-17-061 – 062)
27513: ZDI-CAN-4411: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise)
27515: HTTPS: Trend Micro Control Manager modDLPTemplateMatch_drildown Directory Traversal(ZDI-17-064 – 066)
27544: HTTPS: Trend Micro SafeSync for Enterprise discovery_iscsi_device Command Injection (ZDI-17-116)
27546: HTTPS: Trend Micro SafeSync for Enterprise restartService Command Injection (ZDI-17-130)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 27, 2017

Security Intelligence Blog

Featured Authors

Trend Micro in the News

Trend Micro Blogs

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 27, 2017

Related posts:

Security Intelligence Blog

Featured Authors

Trend Micro in the News

Trend Micro Blogs