|
|
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 7 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the 2.732 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 11 )
| Apple.Quicktime.FIRE.Codec.Heap.Buffer.Overflow Event ID: 17977 |
Release Date: Dec 22, 2009 IPS Definitions DB Version: 2.729 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Apple Quicktime. The vulnerability is caused by an error when the vulnerable software handles a malicious .mov file. It allows a remote attacker to execute arbitrary code via sending a crafted .mov file. Affected Products: Apple QuickTime before 7.6.2 Reference IDs: |
| Apple.QuickTime.FLC.File.Processing.Code.Execution Event ID: 17472 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt to exploit a remote code-execution vulnerability in Apple QuickTime. The vulnerability is caused by an error when parsing malformed FLC files. It can be exploited via a crafted FLC file, leading to remote code execution. Affected Products: Apple QuickTime versions prior to 7.6.2 Reference IDs: |
| Apple.Safari.Malformed.SVGList.Parsing.Code.Execution Event ID: 17452 |
Release Date: Dec 22, 2009 IPS Definitions DB Version: 2.729 |
|
Description: This indicates an attack attempt to exploit a remote code-execution vulnerability in Apple Safari. The vulnerability is caused by an error when parsing malformed SVGLists. It can be exploited via a crafted web page, leading to remote code execution. Affected Products: Apple Safari 3.2.2 for Windows Apple Safari 3.1.2 for Windows Apple Safari 3.1.2 Apple Safari 3.1.1 for Windows Apple Safari 3.1.1 Apple Safari 3.0.4 Beta for Windows Apple Safari 3.0.3 Apple Safari 3.0.3 Apple Safari 3.0.2 Beta for Windows Apple Safari 3.0.2 Beta Apple Safari 3.0.1 Beta for Windows Apple Safari 3.0.1 Beta Apple Safari 4 Beta Apple Safari 4 Beta Apple Safari 3.2 Apple Safari 3.1 for Windows Apple Safari 3.1 Apple Safari 3 Beta for Windows Apple Safari 3 Beta Apple Safari 3 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.5 Apple iPod Touch 2.2.1 Apple iPod Touch 2.0.2 Apple iPod Touch 2.0.1 Apple iPod Touch 1.1.4 Apple iPod Touch 1.1.3 Apple iPod Touch 1.1.2 Apple iPod Touch 1.1.1 Apple iPod Touch 2.2 Apple iPod Touch 2.1 Apple iPod Touch 2.0 Apple iPod Touch 1.1 Apple iPhone 2.2.1 Apple iPhone 2.0.2 Apple iPhone 2.0.1 Apple iPhone 1.1.4 Apple iPhone 1.1.3 Apple iPhone 1.1.2 Apple iPhone 1.1.1 Apple iPhone 1.0.2 Apple iPhone 1.0.1 Apple iPhone 2.2 Apple iPhone 2.1 Apple iPhone 2.0 Apple iPhone 1.1 Apple iPhone 1 Reference IDs: |
| Eureka.Mail.Client.Error.Buffer.Overflow Event ID: 18010 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Eureka Mail Client. The vulnerability is caused by an error when the vulnerable software handles a malicious POP3 error response. It allows a remote attacker to execute arbitrary code via sending a crafted POP3 response. Affected Products: Eureka Email 2.x Reference IDs: |
| HP.LoadRunner.XUpload.MakeHttpRequest.ActiveX.Control.Access Event ID: 17986 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against an arbitrary file download and execute vulnerability in HP LoadRunner. The vulnerability is caused by an error when the Persits.XUpload ActiveX control handles a specially crafted web page. It allows a remote attacker to overwrite credential files on the target system. Affected Products: HP Mercury LoadRunner Agent 9.5 Reference IDs: |
| HP.OpenView.NNM.Perl.CGI.Command.Injection Event ID: 18039 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a remote command execution vulnerability in Hewlett-Packard OpenView Network Node Manager. A vulnerability has been reported in Hewlett-Packard OpenView Network Node Manager that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the hostname parameter value that is passed to "setMon.ovpl". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST request. Affected Products: HP OpenView Network Node Manager 7.50 Windows 2000/XP HP OpenView Network Node Manager 7.50 Solaris HP OpenView Network Node Manager 7.50 Linux HP OpenView Network Node Manager 7.50 HP-UX 11.X HP OpenView Network Node Manager 7.50 HP OpenView Network Node Manager 7.53 HP OpenView Network Node Manager 7.51 HP OpenView Network Node Manager 7.50 HP OpenView Network Node Manager 7.01 Reference IDs: |
| MS.Windows.Intel.Indeo.Codec.Parsing.Heap.Overflow Event ID: 18026 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a heap overflow vulnerability in Microsoft Windows Intel Indeo Codec. The vulnerability is caused by an error when the vulnerable library handles a malicious video file. It allows a remote attacker to execute arbitrary code via sending a crafted AVI file. Affected Products: Microsoft Windows 2000 Service Pack 4 Windows XP Service Pack 2 and Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Reference IDs: |
| MS.Windows.Intel.Indeo.Codec.Parsing.Stack.Overflow Event ID: 18027 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a stack overflow vulnerability in Microsoft Intel Indeo codec. The vulnerability is caused by an error when the vulnerable library handles a malicious file. It allows a remote attacker to execute arbitrary code via sending a crafted web page embedding a video file. Affected Products: Microsoft Windows 2000 SP4 Microsoft Windows XP SP3 Microsoft Windows 2003 SP2 Reference IDs: |
| ProShow.Gold.PSH.Buffer.Overflow Event ID: 18029 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Photodex ProShow Gold. The vulnerability is caused by an error when the vulnerable software handles a malicious project file. It allows a remote attacker to execute arbitrary code via sending a crafted .psh file. Affected Products: Photodex ProShow Gold 4.0.2549 Reference IDs: |
| Sun.Java.HsbParser.GetSoundBank.Stack.Buffer.Overflow Event ID: 17972 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Sun's Java Runtime Environment. The vulnerability is caused by an error when the vulnerable software handles a long file:// URL argument to the getSoundbank() function. It allows a remote attacker to execute arbitrary code. Affected Products: Sun Java JDK and JRE version 6 Update 16 and previous versions Sun Java JDK and JRE version 5.0 Update 21 and previous versions Sun Java SDK and JRE version 1.4.2_23 and previous versions Sun Java SDK and JRE version 1.3.1_26 and previous versions Reference IDs: |
| Symantec.Veritas.VRTSweb.EXE.Code.Execution Event ID: 18042 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a remote code execution vulnerability in Symantec Veritas VRTSweb Products. The vulnerability is caused by an error when the vulnerable software handles a malicious XML request. It allows a remote attacker to execute arbitrary code via sending a crafted package. Affected Products: Symantec Veritas Storage Foundation for Windows High Availability 5.1 and earlier versions Reference IDs: |
High ( 13 )
| Apple.Quicktime.PICT.Unspecified.Tag.Heap.Overflow Event ID: 17461 |
Release Date: Dec 22, 2009 IPS Definitions DB Version: 2.729 |
|
Description: This indicates an attack attempt to exploit a remote code-execution vulnerability in Apple Quicktime. The vulnerability is caused by an error when parsing a malformed tag in PICT files. It can be exploited via a crafted PICT file, leading to remote code execution. Affected Products: Apple QuickTime Player 7.6.1 Apple QuickTime Player 7.5.5 Apple QuickTime Player 7.4.5 Apple QuickTime Player 7.4.1 Apple QuickTime Player 7.3.1 .70 Apple QuickTime Player 7.3.1 Apple QuickTime Player 7.1.6 Apple QuickTime Player 7.1.5 Apple QuickTime Player 7.1.4 Apple QuickTime Player 7.1.3 Apple QuickTime Player 7.1.2 Apple QuickTime Player 7.1.1 Apple QuickTime Player 7.0.4 Apple QuickTime Player 7.0.3 Apple QuickTime Player 7.0.2 Apple QuickTime Player 7.0.1 Apple QuickTime Player 7.0 Apple QuickTime Player 7.6 Apple QuickTime Player 7.5 Apple QuickTime Player 7.4 Apple QuickTime Player 7.4 Apple QuickTime Player 7.3 Apple QuickTime Player 7.2 Apple QuickTime Player 7.1 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5 Reference IDs: |
| Apple.Safari.SVG.SettargetElement.Memory.Corruption Event ID: 17964 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a command execution vulnerability in Apple Safari software. The vulnerability is caused by an error when the vulnerable software handles SVG animation elements. It allows a remote attacker to execute arbitrary code via sending a crafted web page. Affected Products: Apple Safari before 4.0. Reference IDs: |
| CA.Unicenter.Software.Delivery.Stack.Overflow Event ID: 17655 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a buffer overflow vulnerability in a token searching function in the dtscore library in Data Transport Services of CA Software Delivery. The vulnerability is caused by an error when the vulnerable software handles a specially crafted packet. It allows a remote attacker to execute arbitrary code. Affected Products: CA Software Delivery r11.2 C1 CA Software Delivery r11.2 C2 CA Software Delivery r11.2 C3 CA Software Delivery r11.2 SP4 CA Unicenter Software Delivery 4.0 C3 Reference IDs: |
| DAZ.Studio.Arbitrary.Script.Execution Event ID: 18011 |
Release Date: Dec 22, 2009 IPS Definitions DB Version: 2.729 |
|
Description: This indicates an attack attempt against a command-execution vulnerability in DAZ Studio. The vulnerability is caused by an error when the vulnerable software handles a malicious .ds script. It allows a remote attacker to execute arbitrary code via sending a crafted .ds script. Affected Products: DAZ Studio 2.3.3.161 DAZ Studio 2.3.3.163 DAZ Studio 3.0.1.135 Other older versions are possibily affected too Reference IDs: |
| EMC.AutoStart.Backbone.Service.Code.Execution Event ID: 17222 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt to exploit a remote code-execution vulnerability in EMC AutoStart. The vulnerability is caused by an error when the Backbone service (ftbackbone.exe) parses a malformed packet. It can be exploited via a crafted TCP packet, leading to remote code execution. Affected Products: EMC AutoStart 5.3 SP1 EMC AutoStart 5.3 Reference IDs: |
| EMC.RepliStor.Server.Service.DoASOCommand.Code.Execution Event ID: 17967 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a remote code-execution vulnerability in EMC RepliStor. The vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet. It allows a remote attacker to execute arbitrary code. Affected Products: EMC RepliStor Reference IDs: |
| GAlan.Galan.File.Stack.Overflow Event ID: 18034 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt to exploit a remote code-execution vulnerability in gAlan. The vulnerability is caused by an error when handling malformed gAlan files (.galan). It can be exploited via a crafted gAlan file, leading to remote code execution. Affected Products: gAlan 0.2.1 Reference IDs: |
| IDAutomation.Barcode.ActiveX.Control.Access Event ID: 17984 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a vulnerability in IDAutomation. The vulnerability is caused by an error when the IDAutomation Barcode activeX controls handles specially crafted web pages. It allows a remote attacker to overwrite arbitrary files. Affected Products: IDAutomation PDF417 Barcode Font and Encoder 1.6 6 IDAutomation Linear Barcode ActiveX Control 1.6 6 IDAutomation Data Matrix Barcode Font & Encoder 1.6 6 IDAutomation Aztec Barcode Font & Encoder 1.7.1 0 Reference IDs: |
| IDEAL.Administration.2009.IPJ.File.Buffer.Overflow Event ID: 18032 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt to exploit a remote code execution vulnerability in IDEAL Administration. The vulnerability is caused by an error when handling malformed IPJ file(.ipj). It can be exploited via a crafted IPJ file, leading to remote code execution. Affected Products: IDEAL Administration 2009 (v9.7) Reference IDs: |
| Koobface.CC.Response Event ID: 18038 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates Koobface command-and-control (C&C) activity from within the network. Affected Products: Microsoft Windows Operating Systems Reference IDs:
|
| Oracle.Document.Capture.EasyMail.ActiveX.Control.Access Event ID: 17988 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Oracle Document Capture which is integrated with Oracle Imaging and Process Management and Oracle Universal Content Management products. The vulnerability is caused by an error when the EasyMail IMAP4 ActiveX component handles a specially crafted LicenseKey property. It allows a remote attacker to execute arbitrary code. Affected Products: Oracle Document Capture 10.1.3.5.0 Reference IDs: |
| SumatraPDF.Shading.Processing.Buffer.Overflow Event ID: 18022 |
Release Date: Dec 22, 2009 IPS Definitions DB Version: 2.729 |
|
Description: This indicates an attack attempt against a buffer overflow vulnerability in SumatraPDF. The vulnerability is caused by an error when the vulnerable software handles specially crafted PDF. It allows a remote attacker to execute arbitrary code via sending a crafted .pdf file. Affected Products: SumatraPDF 0.9.3 and earlier Reference IDs: |
| Xenorate.XPL.File.Handling.Buffer.Overflow Event ID: 18035 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt to exploit a remote code-execution vulnerability in Xenorate. The vulnerability is caused by an error when handling malformed XPL files (.xpl). It can be exploited via a crafted XPL file, leading to remote code execution. Affected Products: Xenorate 2.50 Reference IDs: |
Medium ( 5 )
| Apple.Safari.User.Field.URL.Bar.Spoofing Event ID: 18000 |
Release Date: Dec 22, 2009 IPS Definitions DB Version: 2.729 |
|
Description: This indicates an attack attempt against a spoofing vulnerability in the Safari software. The vulnerability is caused by a design error. It allows a remote attacker to execute malware code via sending a crafted web page. Affected Products: Safari 3.1.1 Reference IDs: |
| Audio.Workstation.Pls.Buffer.Overflow Event ID: 18036 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Audio Workstation. The vulnerability is caused by an error when the vulnerable software handles a malicious PLS file with the Audio Workstation. It allows a remote attacker to execute arbitrary code via sending a crafted web page. Affected Products: Audio Workstation 6.4.2.4.3 Reference IDs: |
| GestArt.Aide.PHP.Remote.File.Inclusion Event ID: 17981 |
Release Date: Dec 22, 2009 IPS Definitions DB Version: 2.729 |
|
Description: This indicates an attack attempt against a PHP remote file-inclusion vulnerability in Michel PRADEL GestArt. The vulnerability is caused by an error when aide.php handles a specially crafted HTTP request. It allows a remote attacker to execute arbitrary PHP code. Affected Products: Michel PRADEL GestArt beta 1 Reference IDs: |
| MS.IIS.File.Extension.Processing.Security.Bypass Event ID: 18076 |
Release Date: Dec 30, 2009 IPS Definitions DB Version: 2.732 |
|
Description: This indicates an attack attempt to exploit an authentication-bypass vulnerability in Microsoft Windows IIS Server. The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious JPG file. A remote attacker may exploit this to bypass the authentication via a crafted HTTP request. Affected Products: Microsoft IIS 6 Reference IDs: |
| VideoLAN.VLC.Media.Player.MP4_BoxDumpStructure.Buffer.Overflow Event ID: 18002 |
Release Date: Dec 29, 2009 IPS Definitions DB Version: 2.731 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in VideoLAN VLC media player. The vulnerability is caused by an error when the vulnerable software handles a specially crafted ".mp4" file. It allows a remote attacker to execute arbitrary code. Affected Products: VideoLAN VLC media player 1.0.1 and previous versions Reference IDs: |
Top of Section
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 17 )
High ( 11 )
| Event Name | Revision Notes |
|---|---|
| Adobe.Flash.Media.Server.Directory.Traversal | Previous name: "Adobe.0day.17994" |
| Adobe.Flash.Media.Server.Resource.Exhaustion.DoS | Previous name: "Adobe.0day.17992" |
| Adobe.Reader.U3D.Mesh.Declaration.Memory.Corruption | Detection Enhanced |
| AltN.Technologies.Security.Gateway.Username.Buffer.Overflow | Previous name: "Alt-N.Technologies.SecurityGateway... |
| Apple.Safari.Floating.Point.Parsing.Buffer.Overflow | Default_action updated to 'drop |
| HP.OpenView.Network.Node.Manager.Buffer.Overflow | Default_action updated to 'pass Detection Enhanced |
| LSASS.LDAP.Stack.Overflow | Detection Enhanced |
| Mozilla.Firefox.Layout.Crash | Detection Enhanced |
| MS.Help.Workshop.Buffer.Overflow | Detection Enhanced |
| MS.IE.Event.Object.Code.Execution | Detection Enhanced |
| SAP.GUI.Accept.Method.ActiveX.Control.Access | Detection Enhanced |
Medium ( 8 )
| Event Name | Revision Notes |
|---|---|
| Adobe.RoboHelp.Server.SQL.Injection | Default_action updated to 'drop |
| Benders.Calendar.PHP.SQL.Injection | Detection Enhanced |
| Mozilla.Firefox.PKCS11.Privilege.Elevation | Default_action updated to 'drop |
| Mozilla.Firefox.XSL.Parsing.Remote.Memory.Corruption | Default_action updated to 'drop |
| MS.IE.NavCancel.HTM.XSS | Default_action updated to 'pass Detection Enhanced |
| MS.Windows.GDI.Library.EMF.DoS | Detection Enhanced |
| Oracle.Database.REPCAT_RPC.VALIDATE_REMOTE_RC.SQL.Injection | Default_action updated to 'drop |
| Squid.StrListGetItem.DoS | Default_action updated to 'drop |
Low ( 2 )
| Event Name | Revision Notes |
|---|---|
| MS.IE.Keystroke.Events.Handling.Arbitrary.File.Upload | Detection Enhanced |
| TrackerCam.User-Agent.Buffer.Overflow | Previous name: "TrackerCam.User-Agent.BufferOverfl... |
Top of Section
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 3 of 19 )
High ( 1 of 20 )
Medium ( 2 of 8 )
| Event Name | Active Exploitation Observed | Magnitude |
|---|---|---|
| Apple.Safari.User.Field.URL.Bar.Spoofing | No | n/a |
| Audio.Workstation.Pls.Buffer.Overflow | No | n/a |
| Benders.Calendar.PHP.SQL.Injection | No | n/a |
| GestArt.Aide.PHP.Remote.File.Inclusion | No | n/a |
| MS.IE.NavCancel.HTM.XSS | Yes | Low |
| MS.IIS.File.Extension.Processing.Security.Bypass | Yes | Low |
| MS.Windows.GDI.Library.EMF.DoS | No | n/a |
| VideoLAN.VLC.Media.Player.MP4_BoxDumpStructure.Buffer.Overflow | No | n/a |
Low ( 0 of 1 )
| Event Name | Active Exploitation Observed | Magnitude |
|---|---|---|
| MS.IE.Keystroke.Events.Handling.Arbitrary.File.Upload | No | n/a |
Top of Section
Document History
| Revision Date | Version Number | |
|---|---|---|
| Monday, January 04, 2010 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Top of page
