The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 135 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Fortinet provides coverage for the vulnerabilities described below as of the 3.129 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 22 )
High ( 41 )
Medium ( 35 )
Low ( 6 )
| Vulnerability | Release Date | IPS Definition DB Version |
|---|---|---|
| MS.IE.DXTFilter.Remote.DoS | Dec 29, 2011 | 3.128 |
| MS.IE.J2SE.Applet.Exception.Remote.DoS | Dec 29, 2011 | 3.128 |
| MS.IE.StructuredGraphics.Remote.DoS | Dec 29, 2011 | 3.128 |
| MS.IE.Sysmon.Remote.DoS | Jan 4, 2012 | 3.129 |
| MS.IE.WMF.CreateBrushIndirect.DoS | Jan 4, 2012 | 3.129 |
| SIP.Register.With.Contact.Header.Param | Jan 4, 2012 | 3.129 |
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 70 )
High ( 124 )
Medium ( 74 )
Low ( 24 )
| Vulnerability | Revision Notes |
|---|---|
| Dxmsoft.XM.Easy.Personal.FTP.Server.NSLT.DoS | Detection Enhanced; Status updated to 'disable' |
| Ethereal.Dissector.Buffer.Overflow | Detection Enhanced; Status updated to 'enable' |
| IMAP.APPEND.Command.Buffer.Overflow | Detection Enhanced; Default_action updated to 'drop' |
| Invisionix.Roaming.System.PageHeaderDefault.File.Inclusion | Detection Enhanced; Default_action updated to 'drop' |
| Knusperleicht.ShoutBox.Remote.File.Inclusion | Detection Enhanced; Default_action updated to 'drop' |
| ME.Download.System.Header.Remote.File.Inclusion | Default_action updated to 'drop'; Detection Enhanced |
| MF.Piadas.Admin.Remote.File.Inclusion | Detection Enhanced; Default_action updated to 'drop' |
| MS.IE.Mshtml.Dll.HTML.Parsing.DoS | Detection Enhanced |
| MS.Windows.Printing.Service.DoS | Detection Enhanced; Status updated to 'enable' |
| Mambo.MosConfig.Absolute.Path.Remote.File.Include | Default_action updated to 'drop'; Detection Enhanced |
| Mambo.VideoDB.Class.PHP.Remote.File.Inclusion | Detection Enhanced; Default_action updated to 'drop' |
| Modernbill.Config.Remote.File.Inclusion | Detection Enhanced; Default_action updated to 'drop' |
| Mozilla.Firefox.Large.GIF.File.Background.DoS | Detection Enhanced |
| MyNewsGroups.Layersmenu.INC.Remote.File.Inclusion | Detection Enhanced; Default_action updated to 'drop' |
| Oracle.9i.Application.Server.Web.Cache.DoS | Detection Enhanced |
| Oracle.9i.XDB.FTP.Pass.Overflow | Detection Enhanced |
| SIP.No.Tokens.In.Contact.Display | Default_action updated to 'drop'; Detection Enhanced |
| SIP.Register.With.Url.Escaped.Header | Detection Enhanced |
| SIP.Response.Overlarge.Scalar.Values | Detection Enhanced |
| SIP.Unacceptable.Accept.Offering | Detection Enhanced |
| SIP.Unknown.Header.URI.Scheme | Detection Enhanced |
| TCPDump.BGP.Decoding.Routines.DoS | Detection Enhanced |
| Ventrilo.Status.Requests.DoS | Detection Enhanced; Default_action updated to 'drop' |
| ZmEu.Vulnerability.Scanner | Severity updated to 'low'; Detection Enhanced |
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 27 of 91 )
High ( 58 of 161 )
Medium ( 43 of 107 )
Low ( 7 of 30 )