The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 45 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Fortinet provides coverage for the vulnerabilities described below as of the 3.156 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 11 )
| Vulnerability | Release Date | IPS Definition DB Version |
|---|---|---|
| ACDSee.BMP.Image.Processing.Code.Execution | Feb 23, 2012 | 3.154 |
| Adobe.Flash.Player.ASConstruction.Parsing.Memory.Corruption | Feb 18, 2012 | 3.152 |
| Adobe.Flash.Player.AVM2.Type.Confusion.Memory.Corruption | Feb 18, 2012 | 3.152 |
| Adobe.Flash.Player.ActiveX.iframe.XSS | Feb 18, 2012 | 3.152 |
| Adobe.Flash.Player.MP4.Atoms.Invalid.Length.Memory.Corruption | Feb 18, 2012 | 3.152 |
| Adobe.Flash.Player.Malformed.URL.Parsing.Memory.Corruption | Feb 16, 2012 | 3.151 |
| Adobe.Flash.Player.installer.DLL.Loading.Security.Bypass | Feb 18, 2012 | 3.152 |
| Apache.Struts.2.CookieInterceptor.OGNL.Remote.Code.Execution | Feb 23, 2012 | 3.154 |
| Multiple.Mozilla.Products.Ogg.Vorbis.Decoding.Memory.Corruption | Feb 23, 2012 | 3.154 |
| PHP.Php.Register.Variable.Ex.Function.Code.Execution | Feb 23, 2012 | 3.154 |
| WorkSite.Web.TransferCtrl.Class.ActiveX.Control.Code.Execution | Feb 23, 2012 | 3.154 |
High ( 18 )
Medium ( 6 )
| Vulnerability | Release Date | IPS Definition DB Version |
|---|---|---|
| Apache.Mod_Proxy.Mode.Security.Bypass | Feb 28, 2012 | 3.156 |
| Apache.httpOnly.Cookie.Disclosure | Feb 23, 2012 | 3.154 |
| HPE.HPEinc.Remote.File.Inclusion | Feb 15, 2012 | 3.150 |
| MailEnable.Webmail.XSS | Feb 23, 2012 | 3.155 |
| Oracle.Java.ZIP.File.Parsing.Stack.Overflow.DoS | Feb 28, 2012 | 3.156 |
| Oxide.WebServer.Directory.Traversal | Feb 28, 2012 | 3.156 |
Low ( 3 )
| Vulnerability | Release Date | IPS Definition DB Version |
|---|---|---|
| Apache.HTTPD.mod.log.config.Cookie.Handling.DoS | Feb 28, 2012 | 3.156 |
| Nero.MediaHome.NMMediaServer.EXE.Remote.DoS | Feb 23, 2012 | 3.154 |
| eScan.Corporate.Edition.FTP.Server.Arbitrary.File.Download | Feb 23, 2012 | 3.154 |
Info ( 1 )
| Vulnerability | Release Date | IPS Definition DB Version |
|---|---|---|
| SMTP.Executable.Attachment | Feb 28, 2012 | 3.156 |
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 40 )
High ( 58 )
Medium ( 28 )
Low ( 5 )
| Vulnerability | Revision Notes |
|---|---|
| Air.Contacts.Lite.HTTP.Packet.DoS | Default_action updated to 'drop' |
| FTP.LIST.Directory.Traversal | Detection Enhanced |
| HTTP.UserAgent.HTML.Injection | Previous name: "ReloadCMS.UserAgent.HTML.Injection"; Detection Enhanced |
| Media.Player.Classic.AVI.File.DoS | Default_action updated to 'drop' |
| Watchfire.Appscan.Insecure.Method | Detection Enhanced |
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 18 of 36 )
High ( 12 of 46 )
Medium ( 10 of 16 )
| Vulnerability | Active Exploitation Observed | Magnitude |
|---|---|---|
| AWStats.Remote.Command.Injection | Yes | Low |
| Apache.Mod_Proxy.Mode.Security.Bypass | Yes | Low |
| Apache.httpOnly.Cookie.Disclosure | No | N/A |
| AskSam.Web.Publisher.As_web4.XSS | Yes | Medium |
| Asterisk.Products.Multiple.Remote.DoS | Yes | Low |
| HPE.HPEinc.Remote.File.Inclusion | Yes | Low |
| HTTP.Server.Backslash.Character.Directory.Traversal | Yes | Low |
| MS.IE.COM.Object.Instantiation.Memory.Corruption | Yes | High |
| MS.IE.JSWindow.Bodyonload.Tag.Code.Execution | No | N/A |
| MS.Windows.TCPIP.Stack.DoS | Yes | Medium |
| MailEnable.Webmail.XSS | No | N/A |
| Oracle.Java.ZIP.File.Parsing.Stack.Overflow.DoS | No | N/A |
| Oxide.WebServer.Directory.Traversal | Yes | Low |
| Savant.Web.Server.GET.Overflow | No | N/A |
| Squid.Web.Proxy.HTTP.Version.Number.DoS | Yes | Low |
| XAMPP.WEBDAV.Malicious.PHP.File.Upload | No | N/A |
Low ( 4 of 6 )
| Vulnerability | Active Exploitation Observed | Magnitude |
|---|---|---|
| Apache.HTTPD.mod.log.config.Cookie.Handling.DoS | Yes | Low |
| FTP.LIST.Directory.Traversal | Yes | Low |
| HTTP.UserAgent.HTML.Injection | Yes | Low |
| Nero.MediaHome.NMMediaServer.EXE.Remote.DoS | No | N/A |
| Watchfire.Appscan.Insecure.Method | Yes | Low |
| eScan.Corporate.Edition.FTP.Server.Arbitrary.File.Download | No | N/A |
Info ( 1 of 1 )
| Vulnerability | Active Exploitation Observed | Magnitude |
|---|---|---|
| SMTP.Executable.Attachment | Yes | Medium |