April 2016 Page 1 of 13
SOPHOS IPS Signature Update Release Notes Version: 7.15.57 Release Date: 29th January 2019
IPS Signature Update
January 2019 Page 2 of 13
Release Information
Upgrade Applicable on:
  IPS Signature Release Version: 7.15.56
  Sophos Appliance Models: XG-550, XG-750, XG-650
Upgrade Information:
  Upgrade type: Automatic
  Compatibility Annotations: None
Introduction
This Release Note document describes the new signatures added in IPS Signature Database Version 7.15.57. The following sections describe the release in detail.
New IPS Signatures
The Sophos Intrusion Prevention System shields the network from known attacks by matching network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce false alarms.
Report false positives at [email protected] along with the application details.
This IPS release includes One Hundred and Two (102) signatures to address Sixty-Nine (69) vulnerabilities.
New signatures are added for the following vulnerabilities:
Name | CVE-ID | Category | Severity
BROWSER-IE Metasploit Aurora Exploit Attempt | NA | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CVE-2008-2254 Invalid Pointer Remote Code Execution | CVE-2008-2254 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CVE-2012-1526 Negative Margin Use After Free | CVE-2012-1526 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CVE-2012-4969 execCommand Use After Free | CVE-2012-4969 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CVE-2012-4969 execCommand Use After Free | CVE-2012-4969 | Browsers | 4
BROWSER-IE Microsoft Internet Explorer CVE-2018-8544 VBScript Engine Remote Code Execution Attempt | CVE-2018-8544 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer event handler memory corruption attempt | CVE-2009-1530 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt CVE-2010-0249 | CVE-2010-0249 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer Jscript.Encode out-of-bounds read attempt CVE-2018-8631 | CVE-2018-8631 | Browsers | 2
BROWSER-OTHER Malicious CVE-2014-6332 Payload VBS Obfuscation | CVE-2014-6332 | Browsers | 2
FILE-FLASH Adobe Flash CVE-2010-3654 authplay.dll memory corruption attempt | CVE-2010-3654 | Multimedia | 3
FILE-FLASH Adobe Flash Player CVE-2018-15982 TVSDK metadata use after free attempt | CVE-2018-15982 | Multimedia | 2
FILE-FLASH Adobe Flash Player CVE-2018-15982 Use After Free II | CVE-2008-2992 | Multimedia | 2
FILE-FLASH Adobe Flash Player CVE-2018-15982 Use After Free I | CVE-2008-2992 | Multimedia | 2
FILE-IMAGE Microsoft Graphics Component CVE-2018-8396 Information Disclosure | CVE-2018-8396 | Application and Software | 2
FILE-JAVA Oracle Java CVE-2010-4462 XGetSamplePtrFromSnd Memory Corruption Attempt | CVE-2010-4462 | Application and Software | 2
FILE-MULTIMEDIA RealNetworks RealPlayer CVE-2004-0273 RMP Vulnerabilities | CVE-2004-0273 | Multimedia | 1
FILE-OFFICE Microsoft Excel malformed OBJ Record Arbitrary Code Execution | CVE-2008-4264 | Office Tools | 2
FILE-OFFICE Microsoft Word document malicious iframe code injection attempt | NA | Office Tools | 2
FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt | CVE-2018-16020 | Application and Software | 2
FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt | CVE-2018-16022 | Application and Software | 2
FILE-OTHER Adobe Acrobat Pro CVE-2018-15993 WebCapture use after free attempt | CVE-2018-15993 | Application and Software | 2
FILE-OTHER Google Golang Get Command Injection | CVE-2018-7187 | Application and Software | 2
FILE-OTHER Google Golang Get Remote Command Execution | CVE-2018-16873 | Application and Software | 2
FILE-OTHER Google Golang Get Remote Command Execution | CVE-2018-16873 | Application and Software | 4
FILE-PDF Adobe Acrobat index file parsing memory corruption attempt | CVE-2018-16046 | Application and Software | 2
FILE-PDF Adobe Acrobat integer overflow attempt | CVE-2018-16007 | Application and Software | 2
FILE-PDF Adobe Acrobat Pro CVE-2018-16024 XSLT out-of-bounds Read Vulnerability | CVE-2018-16024 | Application and Software | 2
FILE-PDF Adobe Acrobat Pro use after free attempt | CVE-2018-19698 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader AnnotsString memory corruption attempt | CVE-2018-16018 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader CVE-2018-19717 Remote Code Execution Vulnerability | CVE-2018-19717 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader JavaScript extractContents use after free attempt | CVE-2018-15992 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader out of bounds read attempt | CVE-2018-15984 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader XFA resolveNode use after free attempt | CVE-2018-19700 | Application and Software | 2
FILE-PDF Adobe Reader CVE-2008-2992 Util.Printf Remote Code Execution | CVE-2008-2992 | Application and Software | 2
FILE-PDF Adobe Reader CVE-2018-16031 Out Of Bounds Read | CVE-2018-5014 | Application and Software | 2
FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt | CVE-2018-16040 | Application and Software | 2
FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt | CVE-2018-19707 | Application and Software | 2
FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt | CVE-2018-19708 | Application and Software | 2
FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt | CVE-2018-19709 | Application and Software | 2
FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt | CVE-2018-19715 | Application and Software | 2
FILE-PDF Adobe Reader JavaScript resolveNode use-after-free Vulnerability | CVE-2018-19710 | Application and Software | 2
FILE-PDF Adobe Reader PDF CVE-2018-16047 Information Disclosure | CVE-2018-16047 | Application and Software | 2
FILE-PDF Foxit Reader and PhantomPDF XFA xdpContent Information Disclosure | CVE-2018-3956 | Application and Software | 2
MISC CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt | NA | Misc | 1
OS-WINDOWS Microsoft Windows DHCP Client CVE-2019-0547 Code Execution | CVE-2019-0547 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows EOT Font CVE-2018-0755 Engine Information Disclosure | CVE-2018-0755 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows Graphics CVE-2018-8595 Device Interface EMR_HEADER Information Disclosure | CVE-2018-8595 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows Graphics CVE-2018-8596 Device Interface Information Disclosure | CVE-2018-8596 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows Graphics Device Interface Information Disclosure | CVE-2018-8596 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows Graphics Device Interface Information Disclosure | CVE-2018-8596 | Operating System and Services | 4
OS-WINDOWS Microsoft Windows OLE CVE-2014-6332 Automation Array RCE XIII | CVE-2014-6332 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows OLE CVE-2014-6332 Automation Array RCE XII | CVE-2014-6332 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows OLE CVE-2014-6332 Automation Array RCE XI | CVE-2014-6332 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows OLE CVE-2014-6332 Automation Array RCE XIV | CVE-2014-6332 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows OLE CVE-2014-6332 Automation Array RCE X | CVE-2014-6332 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows OLE CVE-2014-6332 Automation Array RCE XV | CVE-2014-6332 | Operating System and Services | 2
OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt CVE-2007-0099 | CVE-2007-0099 | Operating System and Services | 2
PROTOCOL-SCADA Rockwell Automation RSLinx Classic CIP SendRRData Heap Buffer Overflow | CVE-2018-14821 | Industrial Control System | 2
SERVER-MAIL RCPT TO overflow CVE-2009-0410 | CVE-2001-0260 | Other Mail Server | 3
SERVER-OTHER Elastic Kibana server.js Local File Inclusion | CVE-2018-17246 | Web Services and Applications | 3
SERVER-OTHER Ingres Database iidbms Heap Overflow | NA | Other Web Server | 2
SERVER-OTHER Kubernetes API Proxy Request Handling Privilege Escalation (Decrypted Traffic) | CVE-2018-1002105 | Other Web Server | 2
SERVER-OTHER Kubernetes API Proxy Request Handling Privilege Escalation (Decrypted Traffic) | CVE-2018-1002105 | Other Web Server | 4
SERVER-OTHER Kubernetes API Proxy Request Handling Privilege Escalation | CVE-2018-1002105 | Other Web Server | 2
SERVER-OTHER libVNC LibVNCServer File Transfer Extension Heap-based Buffer Overflow | CVE-2018-15127 | Other Web Server | 2
SERVER-OTHER libVNC LibVNCServer File Transfer Extension Heap-based Buffer Overflow | CVE-2018-15127 | Other Web Server | 4
SERVER-WEBAPP Netgate pfSense CVE-2018-4021 system_advanced_misc.php Command Injection | CVE-2018-4021 | Web Services and Applications | 2
SERVER-WEBAPP Zoho ManageEngine OpManager DataMigrationServlet Insecure Deserialization CVE-2018-19403 | CVE-2018-19403 | Web Services and Applications | 2
• Name: Name of the signature
• CVE-ID: CVE Identification Number. Common Vulnerabilities and Exposures (CVE) provides reference identifiers for publicly known information security vulnerabilities.
• Category: Class type according to threat
• Severity: Degree of severity. The levels of severity are described in the table below:
Severity Level | Severity Criteria
1 | Low
2 | Moderate
3 | High
4 | Critical
Important Notice
Sophos Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.
RESTRICTED RIGHTS
©1997 - 2019 Sophos Ltd. All rights reserved.
Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.
Corporate Headquarters
Sophos Technologies Pvt. Ltd.
Reg. Office: Sophos House, Saigulshan Complex,
Beside White House, Panchvati Cross Road,
Ahmedabad – 380006, INDIA
Phone: +91-79-66216666
Fax: +91-79-26407640
Web site: www.sophos.com