This application requires Javascript for optimal performance.

Intrusion Prevention

The FortiGuard Intrusion Prevention Service provides Fortinet customers with the latest defenses against stealthy network-level threats. It uses a customizable database of more than 4000 known threats to enable FortiGate and FortiWiFi appliances to stop attacks that evade conventional firewall defenses. It also provides behavior-based heuristics, enabling the system to recognize threats for which no signature has yet been developed.

The combination of known and unknown threat prevention enables FortiGate systems to stop the most damaging attacks at the network border regardless of whether the network is a wired, wireless, partner extranet, or branch office network connection.

Additionally, the FortiGuard IPS provides more than 1000 application identity signatures for complete application control. IPS signature updates are provided quickly via the global FortiGuard distribution network.

Resources

FortiGuard Encyclopedia

FortiGuard Encyclopedia contains detailed descriptions of known viruses, spyware, vulnerabilities and applications.
Read more

Security Research

Papers and presentations from the FortiGuard Global Threat Research Team, updates on the latest Intrusion Prevention techniques.
Read more

Severity Levels

Learn how the FortiGuard Global Threat Research Team provides severity rating on the coverage of vulnerabilities.
Read more

IPS feedIPS Updates

3.189 ( Released: May 14, 2012 23:51:00 )

New ( 8 )
  • Adobe.Shockwave.Player.Multiple.Code.Execution (critical)
  • FG-VD-12-013-Adobe (critical)
  • Harbor.Remote.Command.Execution (high)
  • McAfee.Virtual.Technician.MVTControl.ActiveX.Code.Execution (high)
  • McAfee.Virtual.Technician.MVTControl.ActiveX.GetObject.Exploit (high)
  • MS.Excel.Series.Record.Parsing.Remote.Code.Execution (high)
  • Oracle.GlassFish.Server.REST.Interface.CSRF (medium)
  • Oracle.GlassFish.Server.XSS (medium)
Enhanced ( 3 )
  • FreePBX.Callmenum.Remote.Code.Execution.And.XSS (high)
  • MS.Windows.MSCOMCTL.ActiveX.Control.Remote.Code.Execution (critical)
  • Symantec.Norton.UPX.File.Heap.Overflow.Canvas (high)
Renamed ( 2 )
  • back_orifice_2k_udp (Previous name: "Back.Orifice.2k.Udp")
  • udp_invalid_packet_size (Previous name: "UDP.Invalid.Packet.Size")
Deprecated ( 1 )
  • TCP.Bad.Flags
Attribute Changed ( 69 )
  • Adobe.Flex.SDK.Flash.Cross.Site.Scripting (Default_action updated to 'drop')
  • Apple.iPhone.FreeType.Buffer.Overflow (Default_action updated to 'drop')
  • AVID.Phonetic.Indexer.Remote.Stack.Buffer.Overflow (Default_action updated to 'drop')
  • Back.Orifice.Traffic (Severity updated to 'high')
  • back_orifice_2k_udp (Severity updated to 'high')
  • FTP.Bounce.Attack (Status updated to 'disable')
  • General.Electric.ihDataArchiver.Service.Remote.Overflow (Default_action updated to 'drop')
  • GnuTLS.Libtasn1.ASN1.Length.DER.Decoding.Buffer.Overflow (Default_action updated to 'drop')
  • H323.IE.Syntax.Error (Severity updated to 'info')
  • H323.Message.Overflow (Severity updated to 'info')
  • H323.UUIE.Syntax.Error (Severity updated to 'info')
  • HP.UX.FTP.Server.Directory.Listing (Status updated to 'disable')
  • IBM.Lotus.Domino.iCalendar.Attachment.Name.Overflow (Default_action updated to 'drop')
  • IBM.Lotus.Domino.Remote.DoS (Default_action updated to 'drop')
  • IBM.Lotus.Notes.Attachment.Handling.Overflow (Default_action updated to 'drop')
  • IBM.Tivoli.Endpoint.Manager.Web.Reports.ScheduleParam.XSS (Default_action updated to 'drop')
  • IISadmpwd.aexp.Usage (Status updated to 'disable')
  • InduSoft.Web.Studio.Remote.Agent.Code.Execution (Default_action updated to 'drop')
  • Iomega.StorCenter.Pro.NAS.Web.Authentication.Bypass (Default_action updated to 'drop')
  • JBoss.AS7.Management.Deployer (Default_action updated to 'drop')
  • Jcow.CMS.PHP.Remote.Code.Execution (Default_action updated to 'drop')
  • Kerberos.Spoofing (Default_action updated to 'drop')
  • LHA.Filename.Buffer.Overflow (Default_action updated to 'drop')
  • Lhaca.LZH.Archive.Extended.Header.Size.Buffer.Overflow (Default_action updated to 'drop')
  • LifeSize.Room.Security.Bypass.Command.Execution (Default_action updated to 'drop')
  • Magix.Musik.Maker.Mmm.Buffer.Overflow (Default_action updated to 'drop')
  • Malicious.Javascript.Obfuscation.Code.Detection (Default_action updated to 'drop')
  • McAfee.Security.Service.ActiveX.Control.Code.Execution (Default_action updated to 'drop')
  • Mortal.Universe.Software.Poppeeper.Ini.File.Buffer.Overflow (Default_action updated to 'drop')
  • Mozilla.Firefox.mChannel.Remote.Code.Execution (Default_action updated to 'drop')
  • Mozilla.Firefox.mChannel.Use.After.Free (Default_action updated to 'drop')
  • MS.ASP.NET.Request.Object.Handling.DoS (Default_action updated to 'drop')
  • MS.Excel.Font.Code.Execution (Default_action updated to 'drop')
  • MS.Excel.Obj.BIFF.Record.Memory.Corruption (Default_action updated to 'drop')
  • MS.Excel.OBJ_5d.Record.Memory.Corruption (Default_action updated to 'drop')
  • MS.Excel.Selection.BIFF.Record.Memory.Corruption (Default_action updated to 'drop')
  • MS.Excel.Series.Record.Memory.Corruption (Default_action updated to 'drop')
  • MS.Excel.SupBook.Record.Memory.Corruption (Default_action updated to 'drop')
  • MS.Excel.XF.BIFF.Record.Memory.Corruption (Default_action updated to 'drop')
  • MS.Forefront.UAG.Server.tableData.XSS (Default_action updated to 'drop')
  • MS.FrontPage.Server.Extensions.RPC.File.Upload (Default_action updated to 'drop')
  • MS.Host.Integration.Server.Protocol.DoS (Default_action updated to 'drop')
  • MS.IE.DOM.Manipulation.Memory.Corruption (Default_action updated to 'drop')
  • MS.IE.Groove.Insecure.Library.Loading (Default_action updated to 'drop')
  • MS.IE.Link.Properties.Handling.Memory.Corruption (Default_action updated to 'drop')
  • MS.IE.Window.Open.Race.Code.Execution (Default_action updated to 'drop')
  • MS.Office.Compress.Visio.Objects.Handling.Memory.Corruption (Default_action updated to 'drop')
  • MS.Office.Excel.Improper.Record.Parsing (Default_action updated to 'drop')
  • MS.Office.Excel.Realtime.Data.Remote.Code.Execution (Default_action updated to 'drop')
  • MS.Office.Row.Visio.Objects.Handling.Memory.Corruption (Default_action updated to 'drop')
  • MS.Office.Works.WPS.Converter.Code.Execution (Default_action updated to 'drop')
  • MS.Outlook.RTF.Email.Buffer.Overflow (Default_action updated to 'drop')
  • MS.PowerPoint.Persist.Directory.Remote.Code.Execution (Default_action updated to 'drop')
  • MS.Queue.Manager.Heap.Overflow (Default_action updated to 'drop')
  • MS.SharePoint.themeweb.aspx.XSS (Default_action updated to 'drop')
  • MS.Windows.AD.Certificate.Service.XSS (Default_action updated to 'drop')
  • MS.Windows.NAT.Helper.DNS.Query.DoS (Status updated to 'disable')
  • MS.WINS.ECommEndDlg.Input.Validation.Error (Default_action updated to 'drop')
  • MySQL.Remote.DoS (Default_action updated to 'drop')
  • Novell.Netware.Client.Print.Provider.Buffer.Overflow (Status updated to 'disable')
  • Opera.JPEG.DHT.Heap.Corruption (Status updated to 'enable')
  • RADIUS.Invalid.Attribute (Severity updated to 'info')
  • RADIUS.Malformed.Packet (Severity updated to 'info')
  • SNMP.Invalid.ID (Severity updated to 'info')
  • SNMP.Invalid.Version (Severity updated to 'info')
  • SSL.Renegotiation.DoS (Status updated to 'disable')
  • SSLv3.SessionID.Overflow (Status updated to 'disable')
  • Sun.iPlanet.Admin.Server.XSS (Status updated to 'disable')
  • udp_invalid_packet_size (Severity updated to 'medium')

3.188 ( Released: May 10, 2012 01:54:00 )

New ( 6 )
  • MS.PNG.Buffer.Overflow (low)
  • MS.SQL.Server.User.Authentication.Buffer.Overflow (high)
  • Netmechanica.NetDecision.HTTP.Server.Buffer.Overflow (medium)
  • OFFL.DOC.ROOT.File.Inclusion (high)
  • PhpRealty.MGR.Parameter.File.Inclusion (medium)
  • PHPSecurePages.CfpProgDir.File.Inclusion (high)
Enhanced ( 6 )
  • Adobe.Flash.Player.Authplay.Remote.Code.Execution (critical)
  • Adobe.Flash.Player.System.Product.Code.Execution (critical)
  • Apache.Struts2.Framework.Remote.Code.Execution (critical)
  • Apache.Tomcat.Remote.Exploit.Account.Scanner (high)
  • HP.OpenView.NNM.Ovas.Buffer.Overflow (critical)
  • MS.Windows.MPEG4.Codec.ASF.Parsing.Code.Execution (critical)
Deprecated ( 1 )
  • PHP5.Register.Variable.Ex.Function.Code.Execution (critical)
Attribute Changed ( 51 )
  • Abee.CHM.Maker.Chmprj.Code.Execution (Default_action updated to 'drop')
  • AccuSoft.ImageGear.Igcore15d.Malformed.CLP.File.Buffer.Overflow (Default_action updated to 'drop')
  • Acritum.Femitter.Server.HTTP.Request.Remote.File.Disclosure (Default_action updated to 'drop')
  • Adobe.Acrobat.Local.Privilege.Escalation (Default_action updated to 'drop')
  • Adobe.PDF.Reader.AcroPDF.dll.Resource.Consumption.DoS (Default_action updated to 'drop')
  • AlsaPlayer.Vorbis.OGG.Processing.Buffer.Overflow (Default_action updated to 'drop')
  • Apple.iCal.COUNT.Parameter.Integer.Overflow (Default_action updated to 'drop')
  • Apple.Mac.OS.X.Mail.Code.Execution (Default_action updated to 'drop')
  • Apple.QuickTime.CRGN.Atom.Stack.Exhaustion.DoS (Default_action updated to 'drop')
  • Apple.QuickTime.H264.Movie.File.Overflow (Default_action updated to 'drop')
  • Apple.QuickTime.JPEG.Buffer.Overflow (Default_action updated to 'drop')
  • Apple.Safari.Feed.URI.Input.Validation.XSS (Default_action updated to 'drop')
  • Apple.Safari.File.Handler.Remote.Code.Execution (Default_action updated to 'drop')
  • Apple.Safari.Render.Destroy.Code.Execution (Default_action updated to 'drop')
  • Ashampoo.3D.CAD.Pro.ViewControl.SaveData.ActiveX.Access (Default_action updated to 'drop')
  • Audacity.aup.Project.File.Parsing.Buffer.Overflow (Default_action updated to 'drop')
  • Autodesk.3DStudio.Max.Embedded.Maxscript.Memory.Corruption (Default_action updated to 'drop')
  • Autodesk.Maya.ScriptNode.Code.Execution (Default_action updated to 'drop')
  • Backdoor.GhostVoice (Default_action updated to 'drop')
  • Backdoor.Nuclear.RAT (Default_action updated to 'drop')
  • Backdoor.Win32.VB.BAX (Default_action updated to 'drop')
  • CakePHP.Unserialize.PHP.Code.Execution (Default_action updated to 'drop')
  • Cisco.7940.Phone.SIP.Message.Handling.Remote.DoS (Default_action updated to 'drop')
  • CitectSCADA.ODBC.Server.Stack.Buffer.Overflow (Default_action updated to 'drop')
  • Codesighs.sscanf.Remote.Buffer.Overflow (Default_action updated to 'drop')
  • dBpowerAMP.Audio.Player.pls.File.Buffer.Overflow (Default_action updated to 'drop')
  • Easewe.FTP.OCX.ActiveX.Multiple.Insecure.Method (Default_action updated to 'drop')
  • Easy.Web.Password.ewp.File.Buffer.Overflow (Default_action updated to 'drop')
  • Free.CD.to.MP3.Converter.WAV.File.Overflow (Default_action updated to 'drop')
  • IntelliTamper.CAT.Catalog.File.Buffer.Overflow (Default_action updated to 'drop')
  • Mozilla.Firefox.Large.GIF.File.Background.DoS (Default_action updated to 'drop')
  • Mozilla.Firefox.URLBar.Null.Byte.File.Code.Execution (Default_action updated to 'drop')
  • MPlayer.Multiple.Remote.DoS (Default_action updated to 'drop')
  • MS.Excel.Malformed.OBJECT.Type.File.Memory.Corruption (Default_action updated to 'drop')
  • MS.IE.MHTML.Cross.Domain.Information.Disclosure (Default_action updated to 'drop')
  • MS.MediaPlayer.Wav.Mid.Snd.File.DoS (Default_action updated to 'drop')
  • MS.SharePoint.HTTP.Information.Disclosure (Default_action updated to 'drop')
  • MS.SQL.Server.Buffer.Overflow (Severity updated to 'medium')
  • Opera.Browser.Bitmap.File.Remote.DoS (Default_action updated to 'drop')
  • Random.Icarus.PGN.File.Remote.Stack.Buffer.Overflow (Default_action updated to 'drop')
  • Siemens.Gigaset.SE461.WiMAX.Router.Request.DoS (Default_action updated to 'drop')
  • SIP.Invite.Remote.DoS (Default_action updated to 'drop')
  • SIP.Invite.Spoofing (Default_action updated to 'drop')
  • SIP.WengoPhone.Soft.Phone.Malformed.Packet.DoS (Default_action updated to 'drop')
  • SonicWALL.Global.VPN.Client.Remote.Format.String (Default_action updated to 'drop')
  • TFTP.Server.TFTPDWIN.Long.Message.DoS (Default_action updated to 'drop')
  • Websense.Email.Security.and.Email.Manager.Buffer.Overflow (Default_action updated to 'drop')
  • XSS.Vulnerabilities.In.Common.Shockwave.Flash.Files (Default_action updated to 'drop')
  • Yahoo.Messenger.URL.Handler.Remote.DoS (Default_action updated to 'drop')
  • Yaws.Multiple.Header.Request.DoS (Default_action updated to 'drop')
  • Yoast.Google.Analytics.For.WordPress.Plugin.XSS (Default_action updated to 'drop')

3.187 ( Released: May 8, 2012 22:30:00 )

New ( 13 )
  • Adobe.Flash.Player.RTMP.Response.Parsing.Code.Execution (critical)
  • MS.ASP.Net.Framework.Serialization.Remote.Code.Execution (critical)
  • MS.Excel.File.Format.Parsing.Memory.Corruption (high)
  • MS.Excel.File.Format.Record.Parsing.Memory.Corruption (high)
  • MS.Excel.MergeCells.Record.Parsing.Remote.Code.Execution (high)
  • MS.Excel.Modified.Bytes.Memory.Corruption (high)
  • MS.Excel.SXLI.Record.Parsing.Memory.Corruption (high)
  • MS.GDI+.Record.Type.Handling.Code.Execution (critical)
  • MS.Office.GDI+.EMF.File.Handling.Heap.Overflow (critical)
  • MS.Office.RTF.Mismatch.Remote.Code.Execution (critical)
  • MS.Visio.Viewer.2010.Remote.Code.Execution (high)
  • MS.Windows.NET.Framework.Buffer.Allocation.Code.Execution (critical)
  • MS.Windows.True.Type.Font.Parsing.Code.Execution (high)
Enhanced ( 9 )
  • Adobe.Flash.Player.Authplay.Remote.Code.Execution (critical)
  • Adobe.Flash.Player.MP4.Atoms.Invalid.Length.Memory.Corruption (critical)
  • MS.IE.Close.Event.Handling.Memory.Corruption (critical)
  • MS.IE.MSHTML.Word.File.Format.Memory.Corruption (high)
  • MS.IE.Null.Byte.Information.Disclosure (high)
  • MS.Office.TIFF.Image.Converter.Heap.Overflow (high)
  • MS.Windows.SMB1.Request.Parsing.DoS (medium)
  • Novell.NetMail.WebAdmin.Username.Buffer.Overflow (medium)
  • Sybase.Open.Server.Null.Byte.Stack.Memory.Corruption (critical)
Deprecated ( 1 )
  • MS.PNG.Buffer.Overflow (low)
Attribute Changed ( 50 )
  • ACDSee.Photo.Editor.2008.XMB.File.Overflow (Default_action updated to 'drop')
  • Adobe.Flash.LoadMovie.CSRF (Default_action updated to 'drop')
  • Adobe.Flash.Player.ActionStoreRegister.Code.Execution (Default_action updated to 'drop')
  • Adobe.Flash.Player.Arbitrary.Code.Execution (Default_action updated to 'drop')
  • Adobe.Flash.Player.Class.Vector.Code.Execution (Default_action updated to 'drop')
  • Adobe.Flash.Player.Double.Free.Stack.Buffer.Overflow (Default_action updated to 'drop')
  • Adobe.Flash.Player.DuplicateDoorInputArguments.Integer.Overflow (Default_action updated to 'drop')
  • Adobe.Flash.Player.Malformed.SWF.Memory.Corruption (Default_action updated to 'drop')
  • Adobe.Flash.Player.MovieClipLoader.CSRF (Default_action updated to 'drop')
  • Adobe.Flash.Player.Unspecified.SR.Memory.Corruption (Default_action updated to 'drop')
  • Adobe.Flash.Player.Unspecified.Zero.Memory.Corruption (Default_action updated to 'drop')
  • Adobe.Shockwave.Player.DIRAPI.Module.Memory.Corruption (Default_action updated to 'drop')
  • Anzio.Web.Print.Activex.Code.Execution (Default_action updated to 'drop')
  • Autodesk.Softimage.Scene.TOC.File.Remote.Code.Execution (Default_action updated to 'drop')
  • Belkin.F5D7230.4.Wireless.Authentication.Weakness (Default_action updated to 'drop')
  • CA.TotalDefense.UNCWS.UnAssignAdminUsers.Remote.Code.Execution (Default_action updated to 'drop')
  • Clam.Antivirus.PE.Rebuilding.Heap.Buffer.Overflow (Default_action updated to 'drop')
  • DesignWorks.Professional.CCT.Buffer.Overflow (Default_action updated to 'drop')
  • Dogfood.CRM.Spell.Remote.Command.Execution (Default_action updated to 'drop')
  • DRuby.Syscall.Code.Execution (Default_action updated to 'drop')
  • Drupal.BlogAPI.Code.Execution (Default_action updated to 'drop')
  • FathFTP.DeleteFile.Method.ActiveX.Arbitrary.File.Deletion (Default_action updated to 'drop')
  • FG-VD-09-019-Adobe (Default_action updated to 'drop')
  • FG-VD-09-021-Microsoft (Default_action updated to 'drop')
  • FG-VD-10-014-Microsoft (Default_action updated to 'drop')
  • FireStats.WordPress.Plugin.Multiple.XSS.Authentication.Bypass (Default_action updated to 'drop')
  • FPROT.Antivirus.CHM.Heap.Buffer.Overflow (Default_action updated to 'drop')
  • Freeamp.FAT.File.Handling.Overflow (Default_action updated to 'drop')
  • FTP.Client.List.Buffer.Overflow (Default_action updated to 'drop')
  • Fuctweb.CapCC.Plugin.For.WordPress.CAPTCHA.Security.Bypass (Default_action updated to 'drop')
  • Ghostscript.errprintf.PDF.Handling.Remote.Buffer.Overflow (Default_action updated to 'drop')
  • Google.Chrome.Metacharacter.Uri.Obfuscation (Default_action updated to 'drop')
  • Google.Chrome.Single.Thread.Alert.Out.Of.Bounds.Memory.Access (Default_action updated to 'drop')
  • Google.Chrome.Throw.Function.Null.Pointer.Dereference.DoS (Default_action updated to 'drop')
  • HTTP.ALINK.WL54AP3.And.WL54AP2.CSRF (Default_action updated to 'drop')
  • IntelliTamper.CFG.File.Buffer.Overflow (Default_action updated to 'drop')
  • Juniper.Networks.JUNOS.JWeb.Multiple.XSS.And.HTML.Injection (Default_action updated to 'drop')
  • MS.IE.8.DoS (Default_action updated to 'drop')
  • MS.IE.ChromeHTML.Command.Line.Parameter.Injection (Default_action updated to 'drop')
  • Multiple.Products.Unspecified.Library.MP4.File.Remote.DoS (Default_action updated to 'drop')
  • ooVoo.Uri.Handling.Remote.Buffer.Overflow (Default_action updated to 'drop')
  • P2P.Bittorrent.Created.By.Buffer.Overflow (Default_action updated to 'drop')
  • Psi.Malformed.Packet.Remote.DoS (Default_action updated to 'drop')
  • SAWStudio.PRF.Buffer.Overflow (Default_action updated to 'drop')
  • Second.Sight.Software.Multiple.ActiveX.Buffer.Overflow (Default_action updated to 'drop')
  • Siemens.Multiple.Gigaset.VoIP.Phones.SIP.Remote.DoS (Default_action updated to 'drop')
  • SonicWall.Content.Filtering.Universal.Script.Injection (Default_action updated to 'drop')
  • SWF.Opener.Buffer.Overflow (Default_action updated to 'drop')
  • TYPSoft.FTP.Server.APPE.and.DELE.Commands.DoS (Default_action updated to 'drop')
  • XAMPP.CSRF (Default_action updated to 'drop')