The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 21 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Fortinet provides coverage for the vulnerabilities described below as of the 2.722 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 9 )
| AIX.Rpc.Cmsd.Buffer.Overflow Event ID: 17936 |
Release Date: Nov 26, 2009 IPS Definitions DB Version: 2.719 |
|
Description: This indicates an attack attempt against a buffer overflow vulnerability in AIX Calendar Manager Service Daemon. The vulnerability is caused by an error when the vulnerable software handles a malicious RPC request. It allows a remote attacker to execute arbitrary code by sending a crafted request. Affected Products: IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier Reference IDs: |
| AwingSoft.Web3D.Player.WindsPly.Ocx.SceneURL.Access Event ID: 17943 |
Release Date: Dec 01, 2009 IPS Definitions DB Version: 2.720 |
|
Description: This indicates an attempt to exploit a code execution vulnerability in AwingSoft Web3D Player. The vulnerability is located in the "WindsPly.ocx" ActiveX control and is exposed through misuse of the "SceneURL" method. It may allow remote attackers to execute arbitrary code on vulnerable systems. Affected Products: AwingSoft Awakening 3.0 with WindsPly.ocx v3.5.0.0; AwingSoft Winds3D Player 3.5 Reference IDs: |
| Conficker.C.P2P Event ID: 17522 |
Release Date: Nov 26, 2009 IPS Definitions DB Version: 2.719 |
|
Description: This indicates detection of network traffic originating from a computer infected by Conficker.C. Conficker.C is a worm that performs outbound P2P scanning to search for other peers infected by this worm. Affected Products: Microsoft Windows |
| HTTP.Ultra.Crypto.Sav.ToFile.ActiveX.File.Overwrite Event ID: 17909 |
Release Date: Nov 24, 2009 IPS Definitions DB Version: 2.718 |
|
Description: This indicates an attempt to exploit a code execution vulnerability in Ultra Crypto Component. The vulnerability is located in the "CryptoX.dll" ActiveX control and occurs when an overly long argument is passed to the "SaveToFile" method. It may allow remote attackers to download and install arbitrary files on vulnerable systems. Affected Products: Ultra Shareware Ultra Crypto Component 0 Reference IDs: |
| Mozilla.Firefox.Javascript.Event.Handler.Code.Execution Event ID: 17911 |
Release Date: Nov 24, 2009 IPS Definitions DB Version: 2.718 |
|
Description: This indicates an attack attempt against a vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles "addEventListener" or "setTimeout" elements. It allows a remote attacker to execute arbitrary code. Affected Products: Mozilla Firefox 2.0.0.5 and previous versions Reference IDs: |
| MS.IE.GetElementsByTagName.CSS.Handling.Code.Execution Event ID: 17968 |
Release Date: Nov 24, 2009 IPS Definitions DB Version: 2.718 |
|
Description: This indicates a possible exploit of a remote code-execution vulnerability in Microsoft Internet Explorer. Affected Products: Microsoft Internet Explorer 6; Microsoft Internet Explorer 7 Reference IDs: |
| OpenBSD.IPv6.Fragment.Buffer.Overflow Event ID: 17560 |
Release Date: Nov 26, 2009 IPS Definitions DB Version: 2.719 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in OpenBSD. The vulnerability is due to insufficient bounds checking. It allows a remote attacker to execute arbitrary code via fragmented IPv6 packets. Affected Products: OpenBSD 4.1; OpenBSD 4.0; OpenBSD 3.9; OpenBSD 3.8; OpenBSD 3.6; OpenBSD 3.1 Reference IDs: |
| TWiki.Search.Shell.Command.Execution Event ID: 17937 |
Release Date: Nov 26, 2009 IPS Definitions DB Version: 2.719 |
|
Description: This indicates an attack attempt against a command execution vulnerability in TWiki. The vulnerability is caused by an error when the vulnerable software handles a malicious HTTP request. It allows a remote attacker to execute arbitrary commands by sending a crafted web page. Affected Products: TWiki before 4.2.4 Reference IDs: |
| Ultra.Crypto.Component.AcquireContext.Method.Access Event ID: 17910 |
Release Date: Nov 24, 2009 IPS Definitions DB Version: 2.718 |
|
Description: This indicates an attempt to exploit a code execution vulnerability in Ultra Crypto Component. The vulnerability is located in the "CryptoX.dll" ActiveX control and occurs when an overly long argument is passed to the "AcquireContext" method. It may allow remote attackers to download and install arbitrary files on vulnerable systems. Affected Products: Ultra Shareware Ultra Crypto Component 0 Reference IDs: |
High ( 21 )
| Adobe.0day.17992 Event ID: 17992 |
Release Date: Dec 03, 2009 IPS Definitions DB Version: 2.721 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| Adobe.0day.17994 Event ID: 17994 |
Release Date: Dec 03, 2009 IPS Definitions DB Version: 2.721 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| AlleyCode.Optimizer.Buffer.Overflow Event ID: 17861 |
Release Date: Dec 04, 2009 IPS Definitions DB Version: 2.722 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in AlleyCode. The vulnerability is caused by an error when the vulnerable software handles a malicious HTML file. It allows a remote attacker to execute arbitrary code by sending a crafted web page. Affected Products: Alleycode HTML Editor 2.x Reference IDs: |
| Blender.Embedded.Script.Command.Execution Event ID: 17913 |
Release Date: Nov 24, 2009 IPS Definitions DB Version: 2.718 |
|
Description: This indicates an attack attempt against a command execution vulnerability in Blender. The vulnerability is caused by an error when the vulnerable software handles a malicious .blend file. It allows a remote attacker to execute arbitrary commands by sending a crafted .blend file. Affected Products: Blender Blender 2.49b and prior Reference IDs: |
| IBM.Informix.Setnet32.NFX.Buffer.Overflow Event ID: 17912 |
Release Date: Nov 24, 2009 IPS Definitions DB Version: 2.718 |
|
Description: This indicates an attack attempt against a buffer overflow vulnerability in IBM Informix Products Setnet32 Utility. The vulnerability is caused by an error when the vulnerable software handles a malicious .nfx file. It allows a remote attacker to execute arbitrary code by sending a crafted .nfx file. Affected Products: IBM Informix Client Software Development Kit (CSDK) 3.5; IBM Informix Connect 3.x Reference IDs: |
| IGMP.IPv4.Option.DoS Event ID: 17559 |
Release Date: Nov 26, 2009 IPS Definitions DB Version: 2.719 |
|
Description: This indicates an attack attempt against a denial-of-service vulnerability in the Microsoft Windows TCP/IP stack driver. The vulnerability is caused by an error when the vulnerable software handles a specially crafted Internet Group Management Protocol (IGMP) packet. It allows a remote attacker to cause a denial-of-service condition on the target host. Affected Products: Microsoft Windows XP Service Pack 1; Microsoft Windows XP Service Pack 2; Microsoft Windows XP Professional x64 Edition; Microsoft Windows Server 2003; Microsoft Windows Server 2003 Service Pack 1; Microsoft Windows Server 2003 (Itanium); Microsoft Windows Server 2003 SP1 (Itanium); Microsoft Windows Server 2003 x64 Edition Reference IDs: |
| Mozilla.Firefox.External.Protocol.Handler.Command.Execution Event ID: 15344 |
Release Date: Dec 03, 2009 IPS Definitions DB Version: 2.721 |
|
Description: This indicates an attack attempt against a remote command execution vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles a specially crafted webpage. It allows a remote attacker to execute arbitrary commands. Affected Products: Mozilla Firefox 2.0.5 and previous versions Reference IDs: |
| Mozilla.Firefox.JavaScript.Argument.Passing.Code.Execution Event ID: 17906 |
Release Date: Nov 24, 2009 IPS Definitions DB Version: 2.718 |
|
Description: This indicates an attack attempt against a remote code execution vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles a specially crafted web page. It allows a remote attacker to execute arbitrary code. Affected Products: Mozilla Firefox 2.0.0.1 and previous versions; Mozilla Firefox 1.5.0.9 and previous versions Reference IDs: |
| Mozilla.Firefox.JavaScript.Engine.Integer.Overflow Event ID: 13145 |
Release Date: Dec 01, 2009 IPS Definitions DB Version: 2.720 |
|
Description: This indicates an attack attempt against an integer overflow vulnerability in the JavaScript engine in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles a specially crafted web page. It allows a remote attacker to execute arbitrary code. Affected Products: Mozilla Firefox version 1.0.6 and previous versions Reference IDs: |
| Mozilla.Firefox.JavaScript.Frame.Reference.Code.Execution Event ID: 17915 |
Release Date: Nov 24, 2009 IPS Definitions DB Version: 2.718 |
|
Description: This indicates an attack attempt against a remote code execution vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software does not properly clear a JavaScript reference to a frame or window. It allows a remote attacker to execute arbitrary code. Affected Products: Mozilla Firefox version 1.5.0.4 and previous versions Reference IDs: |
| Mozilla.Firefox.JavaScript.Integer.Overflow Event ID: 13139 |
Release Date: Nov 24, 2009 IPS Definitions DB Version: 2.718 |
|
Description: This indicates an attack attempt against an integer overflow vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles a specially crafted JavaScript with a large regular expression. It allows a remote attacker to execute arbitrary code. Affected Products: Mozilla Firefox 1.5.0.1 and previous versions; Mozilla Firefox 1.0.7 and previous versions Reference IDs: |
| Mozilla.Firefox.Object.Watch.Code.Execution Event ID: 13160 |
Release Date: Nov 26, 2009 IPS Definitions DB Version: 2.719 |
|
Description: This indicates an attack attempt against a remote code execution vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles a specially crafted web page. It allows a remote attacker to execute arbitrary code. Affected Products: Mozilla Firefox 1.5.0.1 and previous versions; Mozilla Firefox 1.0.7 and previous versions Reference IDs: |
| Mozilla.Firefox.Resource.Directory.Traversal Event ID: 17948 |
Release Date: Dec 01, 2009 IPS Definitions DB Version: 2.720 |
|
Description: This indicates an attack attempt against a directory traversal vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles a specially crafted web page. It allows a remote attacker to read arbitrary files. Affected Products: Mozilla Firefox 2.0.0.4 and previous versions Reference IDs: |
| Mozilla.Firefox.XBL.Code.Execution Event ID: 13130 |
Release Date: Nov 26, 2009 IPS Definitions DB Version: 2.719 |
|
Description: This indicates an attack attempt against a remote code execution vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles a specially crafted eval in an XBL method binding (XBL.method.eval). It allows a remote attacker to execute arbitrary code. Affected Products: Mozilla Firefox versions 1.5.0.1 and previous versions; Mozilla Firefox versions 1.0.7 and previous versions Reference IDs: |
| Mozilla.Firefox.XBL.valueOf.Code.Execution Event ID: 13153 |
Release Date: Nov 26, 2009 IPS Definitions DB Version: 2.719 |
|
Description: This indicates an attack attempt against a remote code execution vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles a specially crafted web page. It allows a remote attacker to execute arbitrary code. Affected Products: Mozilla Firefox versions 1.5.0.1 and previous versions; Mozilla Firefox versions 1.0.7 and previous versions Reference IDs: |
| Mozzila.Firefox.Location.Hostname.Dom.Property.Cookie.Theft Event ID: 15341 |
Release Date: Dec 03, 2009 IPS Definitions DB Version: 2.721 |
|
Description: This indicates an attempt to exploit one of several vulnerabilities in Mozilla-based browsers. Mozilla-based browsers allow remote attackers to bypass the "same origin" policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname DOM property. The vulnerability is due to interactions with the DNS resolver code. Affected Products: Firefox before 1.5.0.10 and 2.x before 2.0.0.2; SeaMonkey before 1.0.8 Reference IDs: |
| MS.Windows.X509.CN.Spoofing Event ID: 17810 |
Release Date: Dec 01, 2009 IPS Definitions DB Version: 2.720 |
|
Description: This indicates an attempt to exploit a certificate spoofing vulnerability in Microsoft Windows. The vulnerability is caused by an error that occurs when the vulnerable software handles a spoofed certificate. It allows a remote attacker to spoof a certificate without an indicator. Affected Products: Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2 and Windows XP Service Pack 3; Windows XP Professional x64 Edition Service Pack 2; Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2003 with SP2 for Itanium-based Systems; Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2; Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, Windows Vista x64 Edition Service Pack 2; Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*; Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*; Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2; Windows 7 for 32-bit Systems; Windows 7 for x64-based Systems; Windows Server 2008 R2 for x64-based Systems*; Windows Server 2008 R2 for Itanium-based Systems Reference IDs: |
| NNTP.XHDR.Range.Overflow Event ID: 17557 |
Release Date: Nov 26, 2009 IPS Definitions DB Version: 2.719 |
|
Description: This indicates an attempt to exploit a buffer-overflow vulnerability in Microsoft Outlook Express and Microsoft Windows Mail for Vista. The vulnerability is a result of incorrect handling of a malformed NNTP response. A remote attacker can exploit the vulnerability by constructing a specially crafted web page and enticing victims to view it. A successful exploit allows execution of arbitrary code. Affected Products: Microsoft Outlook Express 5.5 Service Pack 2; Microsoft Outlook Express 6; Microsoft Outlook Express 6 Service Pack 1; Microsoft Windows Mail; Microsoft Windows 2000 Service Pack 4; Microsoft Windows XP Service Pack 2; Microsoft Windows XP Professional x64 Edition Service Pack 2; Microsoft Windows Server 2003 Service Pack 1; Microsoft Windows Server 2003 Service Pack 2; Microsoft Windows Server 2003 x64 Edition; Microsoft Windows Server 2003 x64 Edition Service Pack 2; Microsoft Windows Server 2003 SP1 (Itanium); Microsoft Windows Server 2003 SP2 (Itanium); Microsoft Windows Vista; Microsoft Windows Vista x64 Edition; Microsoft Windows XP Professional x64 Edition Reference IDs: |
| Oracle.Application.Server.10g.OPMN.Service.Http.Format.String Event ID: 17940 |
Release Date: Dec 01, 2009 IPS Definitions DB Version: 2.720 |
|
Description: This indicates an attack attempt against a format-string vulnerability in Oracle Application Server. The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to execute arbitrary code. Affected Products: Oracle Application Server 10g 10.1.2.3 Reference IDs: |
| TankLogger.ShowInfo.PHP.Livestock.Id.Parameter.SQL.Injection Event ID: 17941 |
Release Date: Dec 01, 2009 IPS Definitions DB Version: 2.720 |
|
Description: This indicates an attempt to exploit a SQL injection vulnerability in the TankLogger web application. The vulnerability is a result of the application's failure to properly sanitize user input before using it in a SQL query. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server. Affected Products: TankLogger TankLogger 2.4 Reference IDs: |
| VLC.Player.MP4.Demuxer.Buffer.Overflow Event ID: 17916 |
Release Date: Nov 24, 2009 IPS Definitions DB Version: 2.718 |
|
Description: This indicates an attack attempt against a buffer overflow vulnerability in VLC Media Player. The vulnerability is caused by an error when the vulnerable software handles a malicious .mp4 file. It allows a remote attacker to execute arbitrary code by sending a crafted .mp4 file. Affected Products: VLC Media Player version 1.0.1 and prior Reference IDs: |
Medium ( 1 )
| Teardrop Event ID: 17541 |
Release Date: Nov 26, 2009 IPS Definitions DB Version: 2.719 |
|
Description: This indicates an attack attempt against a denial-of-service vulnerability in the TCP/IP fragmentation re-assembly code in various operating systems. The vulnerability is caused by an error when the vulnerable system handles mangled IP fragments with overlapping, over-sized payloads. It allows a remote attacker to crash the vulnerable system. Affected Products: Windows 3.1x; Windows 95; Windows NT; Linux prior to versions 2.0.32 and 2.1.63 |
Low ( 5 )
| IBM.Tivoli.Directory.Server.LDAP.DoS Event ID: 17939 |
Release Date: Nov 26, 2009 IPS Definitions DB Version: 2.719 |
|
Description: This indicates a denial of service vulnerability in IBM Tivoli Directory Server. The vulnerability is caused by an error when the vulnerable software handles a crafted LDAP request. It allows a remote attacker to cause a denial of service via a crafted LDAP request. Affected Products: IBM Directory Server version 4.1; IBM Directory Server version 5.1; IBM Directory Server version 5.2; IBM Directory Server version 6.0 Reference IDs: |
| Invalid.Protocol.Header Event ID: 17542 |
Release Date: Nov 26, 2009 IPS Definitions DB Version: 2.719 |
|
Description: This indicates an IP packet containing a malformed IGMP, ESP, OSPF, GRE or PIM protocol header that does not comply with protocol specifications. Affected Products: There is no specific vulnerability associated with this signature. |
| Mozilla.Firefox.Javascript.Html.Escaped.Surrogates.XSS Event ID: 17918 |
Release Date: Nov 24, 2009 IPS Definitions DB Version: 2.718 |
|
Description: This indicates an attack attempt against a cross-site scripting (XSS) vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the HTML parser handles a specially crafted web page. It allows a remote attacker to bypass cross-site scripting (XSS) protection mechanisms and cause XSS attacks. Affected Products: Mozilla Firefox 3.0.1 and previous versions; Mozilla Firefox 2.0.0.16 and previous versions Reference IDs: |
| Snort.TCP.SACK.Option.DoS Event ID: 17562 |
Release Date: Nov 26, 2009 IPS Definitions DB Version: 2.719 |
|
Description: This indicates a possible attack against a denial-of-service vulnerability in Snort. The vulnerability is in the PrintTcpOptions() function, and is caused by the function's inability to properly handle malformed TCP packets. An attacker may exploit this to cause a denial of service. Affected Products: Snort 2.4.0; Snort 2.3.3; Snort 2.3.2; Snort 2.3.1; Snort 2.3.0; Snort 2.2; Snort 2.1.3; Snort 2.1.1 RC1; Snort 2.1.0; Snort 2.0.6; Snort 2.0.4; Snort 2.0 rc2; Snort 2.0.0rc1; Snort 2.0 Reference IDs: |
| TCP.Out.Of.Range.Timestamp Event ID: 17677 |
Release Date: Dec 01, 2009 IPS Definitions DB Version: 2.720 |
|
Description: This indicates detection of a TCP packet with an out-of-range Timestamps option. The Timestamps option is used in PAWS (Protect Against Wrapped Sequences). It carries two four-byte timestamp fields. The Timestamp Value field (TSval) contains the current value of the timestamp clock of the TCP sending the option. The Timestamp Echo Reply field (TSecr) contains a timestamp value that was sent by the remote TCP in the TSval field of a Timestamps option. Affected Products: Multiple vendors' TCP implementations are vulnerable. Reference IDs: |
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 15 )
High ( 10 )
| Event Name | Revision Notes |
|---|---|
| Adobe.Reader.U3D.Mesh.Declaration.Memory.Corruption | Detection Enhanced |
| Adobe.Reader.U3D.Progressive.Mesh.Block.Code.Execution | Detection Enhanced |
| CA.BrightStor.ArcServe.Media.Service.Buffer.Overflow | Default_action updated to 'pass'; Detection Enhanced |
| eEye.Retina.WiFi.Scanner.RWS.Buffer.Overflow | Detection Enhanced |
| HTTP.URI.SQL.Injection | Detection Enhanced |
| Mozilla.Firefox.Plugin.FinderService.Script.Injection | Detection Enhanced |
| MS.IE.HTML.Tag.Memory.Corruption | Detection Enhanced |
| MS.IE.XML.Page.Object.Type.Validation | Detection Enhanced |
| MS.Windows.X509.OID.Spoofing | Detection Enhanced |
| Symantec.ConsoleUtilities.ActiveX.Control.Buffer.Overflow | Status updated to 'disable' |
Medium ( 5 )
| Event Name | Revision Notes |
|---|---|
| MS.IE.Event.Handling.Cross.Domain.Security.Bypass | Detection Enhanced |
| MS.IE.HTML.Element.Cross.Domain.Security.Bypass | Detection Enhanced |
| MS.RDS.Dataspace.ActiveX.Vuln | Detection Enhanced |
| MS.Windows.LSASS.NTLM.Authentication.DoS | Detection Enhanced |
| SafeNet.SoftRemote.GROUPNAME.Buffer.Overflow | Severity updated to 'high' |
Low ( 2 )
| Event Name | Revision Notes |
|---|---|
| MS.MSXML.DTD.Cross.Domain.Scripting | Detection Enhanced |
| MS.RTF.Object.Package.Download.Attempt | Previous name: "Microsoft.RTF.Object.Package.Downl... |
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 7 of 21 )
High ( 6 of 30 )
Medium ( 3 of 5 )
| Event Name | Active Exploitation Observed | Magnitude |
|---|---|---|
| MS.IE.Event.Handling.Cross.Domain.Security.Bypass | No | n/a |
| MS.IE.HTML.Element.Cross.Domain.Security.Bypass | Yes | Low |
| MS.RDS.Dataspace.ActiveX.Vuln | Yes | Low |
| MS.Windows.LSASS.NTLM.Authentication.DoS | Yes | High |
| Teardrop | No | n/a |
Low ( 4 of 6 )
| Event Name | Active Exploitation Observed | Magnitude |
|---|---|---|
| IBM.Tivoli.Directory.Server.LDAP.DoS | No | n/a |
| Invalid.Protocol.Header | Yes | High |
| Mozilla.Firefox.Javascript.Html.Escaped.Surrogates.XSS | No | n/a |
| MS.MSXML.DTD.Cross.Domain.Scripting | Yes | Low |
| Snort.TCP.SACK.Option.DoS | Yes | Low |
| TCP.Out.Of.Range.Timestamp | Yes | High |
| Revision Date | Version Number | |
|---|---|---|
| Monday, December 07, 2009 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.