
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 27, 2017

  • Posted on: March 31, 2017
  • Posted in: Network, Security, Zero Day Initiative
  • Posted by: Elisa Lippincott (TippingPoint Global Product Marketing)

The world lost a funny, talented and wonderful soul late last week. I only knew him for a year, but Raimund Genes made those of us who came to Trend Micro via the TippingPoint acquisition feel right at home. I appreciated his candor, his love of life and his creative cocktails. He was a tremendous part of the Trend Micro family and he will be sorely missed. I offer my sincerest condolences to his family. Rest in peace, my friend.

 

DVToolkit CSW File Available for Microsoft IIS ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)

Earlier this week, TippingPoint released DVToolkit CSW file CVE-2017-7269.csw. This filter detects a buffer overflow vulnerability in Microsoft Internet Information Services (IIS). The specific flaw is due to how the ScStoragePathFromUrl function handles an overly long If header. A successful attack could result in arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. This CSW filter will be replaced by DV mainline filter 27643.

Common Vulnerabilities and Exposures

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7269

Discoverer Advisory

https://github.com/edwardz246003/IIS_exploit

For the latest DVToolkit filters, customers can visit the Threat Management Center (TMC) website at https://tmc.tippingpoint.com and navigate to Releases > CSW Files. For questions or technical assistance, customers can contact the Trend Micro TippingPoint Technical Assistance Center (TAC). 

Zero-Day Filters

There are 11 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (1)

  • 27557: ZDI-CAN-4433: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) 

Google (1)

  • 27551: ZDI-CAN-4429: Zero Day Initiative Vulnerability (Google Chrome)

Hewlett Packard Enterprise (1)

  • 27547: ZDI-CAN-4425: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management) 

Trend Micro (8)

  • 27318: HTTPS: Trend Micro Control Manager dlp_policy.php Directory Traversal (ZDI-17-070 – 072)
  • 27411: HTTPS: Trend Micro SafeSync storage.pm device_id role Command Injection (ZDI-17-122 – 124)
  • 27494: HTTPS: Trend Micro Control Manager modDLPViolationCnt_drildown Directory Traversal (ZDI-17-067 – 069)
  • 27506: HTTPS: Trend Micro Control Manager download Directory Traversal Vulnerability (ZDI-17-061 – 062)
  • 27513: ZDI-CAN-4411: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise)
  • 27515: HTTPS: Trend Micro Control Manager modDLPTemplateMatch_drildown Directory Traversal (ZDI-17-064 – 066)
  • 27544: HTTPS: Trend Micro SafeSync for Enterprise discovery_iscsi_device Command Injection (ZDI-17-116)
  • 27546: HTTPS: Trend Micro SafeSync for Enterprise restartService Command Injection (ZDI-17-130)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.
