IPS Security Update - October 24th, 2017

Document created by Danny Jung Champion on Oct 24, 2017
Version 1Show Document
  • View in full screen mode
Check Point IPS Security Update

October 24th, 2017 

Package No. 635177111 & 634177111

New IPS Protections

 R7x Profile
R80 Profiles
Severity
Protection Name
Recommended
Basic
Optimized
Strict
   
CRITICAL  Microsoft Office WordPerfect Document Converter Heap-based Buffer Overflow
(CVE-2017-8744)
OnOffOnOn
Trend Micro Mobile Security Enterprise eas_agent_unregister slink_id SQL Injection
(CVE-2017-14078)
OnOffOnOn
   
HIGH  Digium Asterisk app_minivm Caller-ID Command Execution
(CVE-2017-14100)
OnOffOnOn
 
Oracle Java SE MixerSequencer Object GM_Song Remote Code Execution
(CVE-2010-0842)
OnOffOnOn
 
Schneider Electric U.motion Builder nfcserver.php SQL Injection
(CVE-2017-7973)
OnOffOffOn
   
MEDIUM  Advantech WebAccess rmTemplate.aspx SQL Injection
(CVE-2017-12710)
OnOffOffOn
Atlassian FishEye and Crucible mostActiveCommitters Information Disclosure
(CVE-2017-9512)
OnOffOnOn
 
HPE Intelligent Management Center getSelInsBean Expression Language Injection
(CVE-2017-12490)
OnOffOnOn
 
Microsoft Windows Search Information Disclosure
(CVE-2017-8544)
OnOffOnOn
   
LOW  Microsoft Windows XXE Information Disclosure
(CVE-2017-8710)
OffOffOffOn

Updated Protections

 
R7x Profile
R80 Profiles
Protection Name
Recommended
Basic
Optimized
Strict
  
Adobe Acrobat and Reader Use After Free
(APSB17-24; CVE-2017-11256)
OnOffOnOn
Adobe Flash Player Integer Overflow Remote Code Execution
(APSB16-01; CVE-2015-8651)
OnOffOnOn
Adobe Flash Player Remote Code Execution
(APSA16-01; CVE-2016-1019)
OnOffOnOn
Cisco IP Phone SIP INVITE Message Denial of Service
(CVE-2007-1542)
OnOffOffOn
HPE Intelligent Management Center dbman RestoreDBase Command Injection
(CVE-2017-5817; CVE-2017-5819)
OnOffOnOn
Joomla LDAP Information Disclosure
(CVE-2017-14596)
OnOffOnOn
Linux EternalRed Samba Remote Code Execution
(CVE-2017-7494)
OnOnOnOn
Microsoft Edge Scripting Engine Memory Corruption
(CVE-2017-8671)
OnOffOnOn
Microsoft Internet Explorer Jscript9 Memory Corruption
(MS15-065; CVE-2015-2419)
OnOffOffOn
Microsoft Windows Media Player RTSP Use after Free Code Execution
(MS10-075; CVE-2010-3225)
OnOffOnOn
Novell eDirectory NCP Stack Buffer Overflow
(CVE-2012-0432)
OnOffOnOn
SQL Servers Unauthorized Commands SQL Injection
(CVE-2014-3704)
OnOffOnOn
Web Login Form Password Brute Force AttemptOnOffOffOn
WordPress Display Widgets Plugin Spammers BackdoorOnOffOnOn
General Notifications

 

Tags of over 4000 protections were adjusted to better define protections' vendors and products, resulting with over 800 additional protections in R80 Optimized profile

Threat wiki
App wiki
IPS Advisories
 Copyright © Check Point
Software Technologies LTD.

Attachments

    Outcomes