Post on 11-May-2023
IPS Signature Update
November 2019 Page 2 of 39
Release Information
Upgrade Applicable on
IPS Signature Release Version 9.16.43
Sophos Appliance Models
CR250i, CR300i, CR500i-4P, CR500i-6P, CR500i-8P, CR500ia, CR500ia-RP, CR500ia1F, CR500ia10F, CR750ia, CR750ia1F, CR750ia10F, CR1000i-11P, CR1000i-12P, CR1000ia, CR1000ia10F, CR1500i-11P, CR1500i-12P, CR1500ia, CR1500ia10F, CR25iNG, CR25iNG-6P, CR35iNG, CR50iNG, CR100iNG, CR200iNG/XP, CR300iNG/XP, CR500iNG-XP, CR750iNG-XP, CR2500iNG, CR25wiNG, CR25wiNG-6P, CR35wiNG, CRiV1C, CRiV2C, CRiV4C, CRiV8C, CRiV12C, XG85 to XG450, SG105 to SG650
Upgrade Information
Upgrade type: Automatic
Compatibility Annotations: None
Introduction
The Release Note document for IPS Signature Database Version 9.16.44 includes support for the new signatures. The following sections describe the release in detail.
New IPS Signatures
The Sophos Intrusion Prevention System shields the network from known attacks by matching the network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce the false alarms.
Report false positives at support@sophos.com, along with the application details.
This IPS Release includes Three Hundred and Twelve (312) signatures to address Two Hundred and Eighty One (281) vulnerabilities.
New signatures are added for the following vulnerabilities:
| Name | CVE–ID | Category | Severity |
| --- | --- | --- | --- |
| BROWSER-IE Microsoft Edge CVE-2016-7288 TypedArray.sort Use After Free | CVE-2016-7288 | Browsers | 1 |
| BROWSER-IE Microsoft Edge CVE-2018-8242 Remote Code Execution | CVE-2018-8242 | Browsers | 2 |
| BROWSER-IE Microsoft Edge JavaScriptReverseHelper buffer overrun attempt | CVE-2016-7202 | Browsers | 2 |
| BROWSER-IE Microsoft Edge out of bounds write attempt | CVE-2018-0777 | Browsers | 2 |
| BROWSER-IE Microsoft Edge type confusion vulnerability attempt | CVE-2018-8384 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer 11 CMarkupGetMarkupTitle use-after-free attempt | CVE-2014-4130 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer and Edge CVE-2016-3247 Memory Corruption I | CVE-2016-3247 | Browsers | 1 |
| BROWSER-IE Microsoft Internet Explorer CAttribute to CStyleAttrArray type confusion attempt | CVE-2015-6142 | Browsers | 1 |
| BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt | CVE-2016-7200 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt | CVE-2016-7195 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer CVE-2016-0002 Edge Memory Corruption II | CVE-2016-0002 | Browsers | 1 |
| BROWSER-IE Microsoft Internet Explorer CVE-2016-3288 Memory Corruption II | CVE-2016-3288 | Browsers | 1 |
| BROWSER-IE Microsoft Internet Explorer CVE-2016-7241 Edge JSON.parse Type Confusion | CVE-2016-7241 | Browsers | 1 |
| BROWSER-IE Microsoft Internet Explorer CVE-2017-0059 CStr Use After Free | CVE-2017-0059 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer javascript memory corruption attempt | CVE-2018-1001 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt | CVE-2015-6140 | Browsers | 1 |
| BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt | CVE-2018-0889 | Browsers | 1 |
| BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt | CVE-2018-8174 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service | | Browsers | 1 |
| BROWSER-IE Microsoft Windows PDF Library CVE-2016-3319 Memory Corruption I | CVE-2016-3319 | Browsers | 1 |
| BROWSER-OTHER Microsoft Edge CVE-2016-7206 Remote Code Execution Vulnerability | CVE-2016-7206 | Browsers | 1 |
| BROWSER-OTHER Safari Denial Of Service Vulnerability | CVE-2016-1779 | Browsers | 2 |
| BROWSER-OTHER Safari Same Origin Policy Bypass Vulnerability | CVE-2017-2446 | Browsers | 2 |
| BROWSER-PLUGINS Trend Micro Control Manager ThreatDistributedTrail ThreatName SQL Injection CVE-2018-3606 | CVE-2018-3606 | Browsers | 1 |
| FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt | CVE-2016-4185 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt | CVE-2016-0988 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt | CVE-2016-0983 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player ASnative setFocus use after free attempt | CVE-2016-7864 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player BitmapData.applyFilter access violation attempt | CVE-2016-0961 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player BitmapData.copyChannel access violation attempt | CVE-2016-0960 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt | CVE-2016-0969 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt | CVE-2016-0964 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player CVE-2016-4227 ActionScript setFocus Use After Free Attempt | CVE-2016-4227 | Multimedia | 2 |
| FILE-FLASH Adobe Flash Player DisplacementMapFilter mapBitmap use after free attempt | CVE-2015-8448 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player duplicateMovieClip use after free attempt | CVE-2016-1013 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt | CVE-2015-8459 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt | CVE-2016-0974 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt | CVE-2018-4871 | Multimedia | 2 |
| FILE-FLASH Adobe Flash Player MediaPlayerItemLoader out of bounds memory access attempt | CVE-2016-4182 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt | CVE-2017-2995 | Multimedia | 2 |
| FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt CVE-2015-8410 | CVE-2015-8410 | Multimedia | 2 |
| FILE-FLASH Adobe Flash Player MovieClip method use after free attempt | CVE-2015-8639 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt | CVE-2015-8449 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt | CVE-2017-3106 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player PSDKEventDispatch removeEventListener use after free attempt | CVE-2017-2994 | Multimedia | 2 |
| FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt | CVE-2016-4228 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player rectangle memory access violation attempt | CVE-2016-0978 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt | CVE-2016-0986 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt | CVE-2015-8413 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt | CVE-2015-8407 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt | CVE-2015-8408 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt | CVE-2015-8438 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt | CVE-2015-8450 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player TextField setter use after free attempt | CVE-2015-8420 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt | CVE-2015-8435 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt | CVE-2016-1019 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player URLStream use after free attempt | CVE-2015-8048 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player use after free attempt | CVE-2018-4932 | Multimedia | 2 |
| FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt | CVE-2016-0991 | Multimedia | 1 |
| FILE-IDENTIFY Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Read | CVE-2019-7109 | Application and Software | 4 |
| FILE-IDENTIFY Embedded Open Type Font file magic detected | | Application and Software | 4 |
| FILE-IDENTIFY Portable Executable Binary File Magic Detected | | Application and Software | 4 |
| FILE-IDENTIFY RAR file magic detected | | Application and Software | 4 |
| FILE-IDENTIFY Windows Media Metafile file download request | | Application and Software | 4 |
| FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt | CVE-2017-3116 | Multimedia | 2 |
| FILE-IMAGE Adobe Acrobat Pro malformed JPEG tag data buffer overflow attempt | CVE-2018-4909 | Multimedia | 1 |
| FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt CVE-2018-5044 | CVE-2018-5044 | Multimedia | 1 |
| FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt | CVE-2017-3049 | Multimedia | 2 |
| FILE-IMAGE Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt | CVE-2018-4903 | Multimedia | 1 |
| FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt | CVE-2017-2963 | Multimedia | 1 |
| FILE-IMAGE Adobe Acrobat TIFF PhotometricInterpretation heap buffer overflow attempt | CVE-2017-2966 | Multimedia | 1 |
| FILE-IMAGE Adobe Acrobat XPS heap overflow attempt | CVE-2018-12837 | Multimedia | 2 |
| FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt | CVE-2017-2964 | Multimedia | 1 |
| FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt | CVE-2016-1767 | Multimedia | 2 |
| FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt | CVE-2017-11238 | Multimedia | 2 |
| FILE-MULTIMEDIA Adobe Acrobat XPS CVE-2018-4889 JPEG Out of Bounds Read | CVE-2018-4889 | Multimedia | 3 |
| FILE-MULTIMEDIA Adobe Flash CVE-2017-3076 AVC Edge Processing Out of Bounds Read | CVE-2017-3076 | Multimedia | 2 |
| FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record memory corruption attempt | CVE-2017-11271 | Multimedia | 2 |
| FILE-OFFICE Adobe Acrobat ImageConversion JPEG Out-of-Bounds Read | CVE-2017-2960 | Office Tools | 1 |
| FILE-OFFICE EMF corruption attempt | CVE-2007-5746 | Office Tools | 2 |
| FILE-OFFICE Microsoft JET Database remote code execution attempt | CVE-2018-1003 | Office Tools | 2 |
| FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt | CVE-2004-0846 | Office Tools | 2 |
| FILE-OFFICE Microsoft Office Graph CVE-2018-8157 Chart Out-Of-Bounds Write | CVE-2018-8157 | Office Tools | 2 |
| FILE-OFFICE Microsoft Office Outlook HTML acronym tag memory corruption attempt | CVE-2018-8161 | Office Tools | 2 |
| FILE-OFFICE Microsoft Office PowerPoint OfficeArt atom memory corruption attempt | CVE-2011-0976 | Office Tools | 2 |
| FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt | CVE-2010-0032 | Office Tools | 2 |
| FILE-OFFICE Microsoft Outlook email rules file memory corruption attempt | CVE-2018-8582 | Office Tools | 2 |
| FILE-OFFICE Microsoft Outlook RWZ CVE-2018-8587 Integer Overflow | CVE-2018-8587 | Office Tools | 2 |
| FILE-OTHER 2015_6130_Flag Set | CVE-2015-6130 | Application and Software | 4 |
| FILE-OTHER Acrobat Reader CVE-2018-12838 Information Disclosure Vulnerability | CVE-2018-12838 | Application and Software | 2 |
| FILE-OTHER Acrobat Reader CVE-2018-12845 Information Disclosure Vulnerability | CVE-2018-12845 | Application and Software | 2 |
| FILE-OTHER Acrobat Reader CVE-2018-15948 Information Disclosure Vulnerability | CVE-2018-15948 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat and Reader docID Stack Buffer Overflow leak CVE-2018-4901 | CVE-2018-4901 | Application and Software | 1 |
| FILE-OTHER Adobe Acrobat CVE-2018-5061 ImageConversion EMF EmfPlusDrawBeziers Out-Of-Bounds Read | CVE-2018-5061 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat EMF file kerning data memory corruption attempt | CVE-2017-11239 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat out of bounds read attempt | CVE-2019-7049 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro CVE-2018-4893 XPS Out Of Bounds Read Attempt | CVE-2018-4893 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro CVE-2018-4896 Out Of Bounds Read Attempt | CVE-2018-4896 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro CVE-2018-4904 Embedded TIFF Heap Overflow Attempt II | CVE-2018-4904 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat pro CVE-2018-4914 Out Of Bounds Read Attempt | CVE-2018-4914 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt | CVE-2018-4964 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt | CVE-2018-12860 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro EMF malformed bitmap rectangle destination out of bounds read attempt | CVE-2018-4886 | Application and Software | 1 |
| FILE-OTHER Adobe Acrobat Pro EMF malformed bitmap rectangle destination out of bounds read attempt | CVE-2018-4886 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt | CVE-2018-15951 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt | CVE-2018-15995 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt | CVE-2018-4903 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt | CVE-2018-4899 | Application and Software | 1 |
| FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt | CVE-2018-5016 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Reader CVE-2018-12775 Out Of Bounds | CVE-2018-12775 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Reader CVE-2018-12777 Out of Bounds Read Access | CVE-2018-12777 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Reader CVE-2018-12780 Out of Bounds Read Access | CVE-2018-12780 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Reader CVE-2018-12781 Out of Bounds Read Access | CVE-2018-12781 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Reader pcx planes memory corruption attempt | CVE-2017-3036 | Application and Software | 1 |
| FILE-OTHER Apple QuickTime PSD File Parsing CVE-2016-1769 Memory Corruption | CVE-2016-1769 | Application and Software | 2 |
| FILE-OTHER EMF EmrText object out of bounds read attempt | CVE-2018-4883 | Application and Software | 1 |
| FILE-OTHER FreeBSD bspatch utility remote code execution attempt CVE-2014-9862 | CVE-2014-9862 | Application and Software | 1 |
| FILE-OTHER FreeBSD bspatch utility remote code execution attempt | CVE-2014-9862 | Application and Software | 2 |
| FILE-OTHER GNU Libextractor CVE-2018-16430 ZIP File Comment Out-of-Bounds Read | CVE-2018-16430 | Application and Software | 2 |
| FILE-OTHER Google Golang Get Command Injection | CVE-2018-7187 | Application and Software | 2 |
| FILE-OTHER Microsoft Jet 4.0 CVE-2016-0250 Access Violation Vulnerability | CVE-2016-0250 | Application and Software | 1 |
| FILE-OTHER Microsoft .NET Resources file remote code execution attempt | CVE-2018-8172 | Application and Software | 2 |
| FILE-OTHER Microsoft wimgapi LoadIntegrityInfo heap buffer overflow attempt | CVE-2018-8210 | Application and Software | 1 |
| FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt | CVE-2017-8625 | Application and Software | 2 |
| FILE-OTHER Microsoft Windows wimgapi ReadIntegrityInfo Heap Buffer Overflow CVE-2018-8210 | CVE-2018-8210 | Application and Software | 1 |
| FILE-OTHER Snapd dirty_sock exploit download attempt | CVE-2019-7304 | Application and Software | 2 |
| FILE-OTHER VMware VNC VMWDynResolution Heap Buffer Overflow | CVE-2017-4933 | Application and Software | 2 |
| FILE-OTHER WSDL soap endpoint location code injection attempt | CVE-2017-8759 | Application and Software | 2 |
| FILE-PDF Acrobat Reader CVE-2018-12766 Information Disclosure Vulnerability | CVE-2018-12766 | Application and Software | 1 |
| FILE-PDF Acrobat Reader CVE-2018-12766 Information Disclosure Vulnerability | CVE-2018-12766 | Application and Software | 1 |
| FILE-PDF Acrobat Reader CVE-2018-15925 Information Disclosure Vulnerability | CVE-2018-15925 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat and Reader CVE-2017-11254 addAnnot Use After Free Vulnerability | | Application and Software | 1 |
| FILE-PDF Adobe Acrobat and Reader CVE-2018-12790 JPEG2000 Parsing Out of Bounds Read | CVE-2018-12790 | Application and Software | 3 |
| FILE-PDF Adobe Acrobat and Reader JPEG2000 Out of Bounds Read | CVE-2017-2946 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat CoolType malformed font memory corruption attempt | CVE-2016-0945 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat EMF EMR_ALPHABLEND CVE-2018-12789 Out-of-Bounds Read | CVE-2018-12789 | Application and Software | 3 |
| FILE-PDF Adobe Acrobat FileAttachment use-after-free attempt | CVE-2016-1065 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat ImageConversion TIFF Heap-based Buffer Overflow | CVE-2017-2966 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat integer overflow attempt | CVE-2018-16007 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat JavaScript engine use after free attempt | CVE-2019-7082 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat OCG setIntent CVE-2018-4910 Integer Overflow II | CVE-2018-4910 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt | CVE-2016-1007 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt | CVE-2018-4882 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat Reader CVE-2016-1043 XFA FormCalc replace Integer Overflow | CVE-2016-1043 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat Reader CVE-2018-12782 Double Free Memory Corruption | CVE-2018-12782 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader CVE-2018-12783 Use After Free Memory Corruption | CVE-2018-12783 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader CVE-2018-4882 Byte Order Mark Out Of Bounds Read Attempt II | CVE-2018-4882 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt | CVE-2018-4902 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat Reader invalid trailer memory corruption attempt | CVE-2018-4901 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat Reader JavaScript XFA engine use after free attempt | CVE-2018-4913 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat Reader malformed AES key memory corruption attempt | CVE-2017-3030 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader malformed CFF global subroutine memory corruption attempt | CVE-2017-2941 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat Reader malformed PRC file out of bounds read attempt | CVE-2017-3019 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader malformed TrueType font memory corruption attempt | CVE-2017-11237 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt | CVE-2017-3116 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt CVE-2019-7074 | CVE-2019-7074 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader U3D e3_bone object out of bounds memory access attempt | CVE-2016-1116 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat XFA field initialization memory corruption attempt | CVE-2017-11218 | Application and Software | 1 |
| FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt | CVE-2016-4227 | Application and Software | 1 |
| FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt | CVE-2016-4227 | Application and Software | 2 |
| FILE-PDF Adobe Reader compareDocuments JavaScript function use-after-free attempt | CVE-2016-1085 | Application and Software | 1 |
| FILE-PDF Adobe Reader CVE-2018-12803 Information Disclosure | CVE-2018-12803 | Application and Software | 2 |
| FILE-PDF Adobe Reader CVE-2018-16033 Out Of Bounds | CVE-2018-16033 | Application and Software | 2 |
| FILE-PDF Adobe Reader DC JPEG2000 CVE-2016-7854 Out-of-Bounds Read | CVE-2016-7854 | Application and Software | 4 |
| FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt | CVE-2016-1009 | Application and Software | 1 |
| FILE-PDF Adobe Reader malformed JPEG2000 image invalid NumberComponents out of bounds read attempt | CVE-2016-1078 | Application and Software | 1 |
| FILE-PDF Adobe Reader malformed Universal 3D stream memory corruption attempt | CVE-2016-1037 | Application and Software | 1 |
| FILE-PDF Adobe Reader PDF memory corruption attempt | CVE-2017-3017 | Application and Software | 2 |
| FILE-PDF Adobe Reader PDF onEvent execMenuItem use after free attempt | CVE-2016-1056 | Application and Software | 1 |
| FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt | CVE-2016-1042 | Application and Software | 1 |
| FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt | CVE-2016-1074 | Application and Software | 1 |
| FILE-PDF Adobe Reader XFA API preOpen use after free attempt | CVE-2016-1049 | Application and Software | 1 |
| FILE-PDF Adobe Reader XFA prePrint use after free attempt | CVE-2016-1048 | Application and Software | 1 |
| FILE-PDF Foxit Reader CVE-2018-14304 Annotations noteIcon Use After Free | CVE-2018-14304 | Application and Software | 3 |
| FILE-PDF Microsoft Edge PDF Builder CVE-2017-0023 out of bounds read attempt Vulnerability | CVE-2017-0023 | Application and Software | 1 |
| FILE-PDF Microsoft Windows PDF Library Heap-based Buffer Overflow | CVE-2017-8728 | Application and Software | 1 |
| FILE-PDF TRUFFLEHUNTER TALOS-2018-0623 attack attempt | CVE-2018-12852 | Application and Software | 1 |
| INDICATOR-OBFUSCATION Microsoft Windows OLE CVE-2014-6332 Automation Array Remote Code Execution III | CVE-2014-6332 | Operating System and Services | 2 |
| INDICATOR-OBFUSCATION Microsoft Windows OLE CVE-2014-6332 Automation Array Remote Code Execution II | CVE-2014-6332 | Operating System and Services | 2 |
| MALWARE-OTHER Malware Worm.Win32.Wcry.A Runtime Detection | | Malware Communication | 2 |
| NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt | CVE-2003-0085 | Operating System and Services | 1 |
| OS-LINUX Linux Kernel USBIP out of bounds write attempt | CVE-2016-3955 | Operating System and Services | 1 |
| OS-LINUX Red Hat 389 Directory Server CVE-2018-14648 do_search Denial of Service | CVE-2018-14648 | Operating System and Services | 1 |
| OS-LINUX Red Hat NetworkManager CVE-2018-1111 DHCP Command Injection | CVE-2018-1111 | Operating System and Services | 2 |
| OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt | CVE-2008-4250 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows CredSSP MITM Code Execution | CVE-2018-0886 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows CVE-2018-0817 Integer Overflow | CVE-2018-0817 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows CVE-2018-0877 Integer Overflow | CVE-2018-0877 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows CVE-2018-0889 Remote Code Execution | CVE-2018-0889 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows CVE-2019-1071 Information Disclosure | CVE-2019-1071 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows CVE-2019-1073 Information Disclosure | CVE-2019-1073 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows JET Database Engine Physical Index Out-of-Bounds Read CVE-2019-0575 | CVE-2019-0575 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows kernel information disclosure attempt | CVE-2019-0840 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows LSASS Authentication Denial of Service | CVE-2017-0004 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt | CVE-2004-0899 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt | CVE-2004-0899 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows Print Spooler Service Arbitrary File Upload | CVE-2010-2729 | Operating System and Services | 4 |
| OS-WINDOWS Microsoft Windows RDP CVE-2019-0708 Remote Code Execution | | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows Remote Desktop Services CVE-2019-1182 Remote Code Execution Vulnerability | CVE-2019-1182 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows Remote Desktop Services Remote Code Execution (Decrypted Traffic) | CVE-2019-0708 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows Server Service RPC Request Handling Buffer Overflow | CVE-2008-4250 | Operating System and Services | 4 |
| OS-WINDOWS Microsoft Windows SMB Negotiate Request Remote Code Execution | CVE-2009-3103 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows SMB Server SMBv1 CVE-2017-0143 Memory Corruption | CVE-2017-0143 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows SMB Server SMBv1 CVE-2017-0144 Memory Corruption | CVE-2017-0143 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows SMB Server SMBv1 CVE-2017-0147 Information Disclosure | CVE-2017-0147 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows SMB Server SMBv1 CVE-2017-0147 Information Disclosure | CVE-2017-0147 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows SMB Server SMBv2 Smb2UpdateLeaseFileName Code Execution | CVE-2019-0630 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows SMBv1 identical MID and FID type confusion attempt CVE-2017-0143 | CVE-2017-0143 | Operating System and Services | 2 |
| OS-WINDOWS Windows Uniscribe CVE-2017-0014 Remote Code Execution | CVE-2017-0014 | Operating System and Services | 1 |
| PROTOCOL-NNTP article post without path attempt | | Operating System and Services | 1 |
| PROTOCOL-NNTP cancel overflow attempt | CVE-2004-0045 | Operating System and Services | 2 |
| PROTOCOL-VOIP Cisco Unified Customer Voice Portal denial of service attempt | CVE-2018-0086 | VoIP and Instant Messaging | 2 |
| PROTOCOL-VOIP SIP REGISTER flood attempt | CVE-2014-2154 | VoIP and Instant Messaging | 3 |
| SCAN O-WINDOWS Microsoft Windows SMB Negotiate Request Remote Code Execution | CVE-2009-3103 | Reconnaissance | 1 |
| SERVER-APACHE Apache HTTP Server mod_http2 denial of service attempt | CVE-2016-8740 | Apache HTTP Server | 2 |
| SERVER-APACHE Apache Solr Config API Insecure Deserialization | CVE-2019-0192 | Apache HTTP Server | 1 |
| SERVER-APACHE Apache Solr ConfigSets CVE-2018-8010 XML External Entity Expansion Information Disclosure | CVE-2018-8010 | Apache HTTP Server | 3 |
| SERVER-APACHE Apache Subversion mod_authz_svn COPY MOVE Denial of Service | CVE-2016-2168 | Apache HTTP Server | 3 |
| SERVER-APACHE Apache Subversion svnserve integer overflow attempt | CVE-2015-5259 | Apache HTTP Server | 1 |
| SERVER-APACHE Apache Tomcat HTTP PUT Remote Code Execution | CVE-2017-12615 | Apache HTTP Server | 1 |
| SERVER-MAIL IBM Domino IMAP Mailbox Name Stack Buffer Overflow | CVE-2017-1274 | Other Mail Server | 3 |
| SERVER-ORACLE Oracle GlassFish Server ThemeServlet Directory Traversal | | Database Management System | 2 |
| SERVER-OTHER Cisco ASA IKEv2 invalid fragment length heap buffer overflow attempt | CVE-2016-1287 | Other Web Server | 1 |
| SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt | CVE-2017-3881 | Other Web Server | 1 |
| SERVER-OTHER CMS Made Simple login.php Remote Password Reset | CVE-2018-10081 | Other Web Server | 2 |
| SERVER-OTHER Elastic Kibana server.js Local File Inclusion | CVE-2018-17246 | Web Services and Applications | 3 |
| SERVER-OTHER GnuTLS Proxy Certificate Information Extension Memory Corruption | CVE-2017-5334 | Other Web Server | 2 |
| SERVER-OTHER IBM WebSphere Application Server Commons-Collections Library Remote Code Execution II | CVE-2016-0150 | Other Web Server | 2 |
| SERVER-OTHER Jackson databind deserialization remote code execution attempt | CVE-2017-17485 | Other Web Server | 1 |
| SERVER-OTHER Kubernetes API Proxy Request Handling Privilege Escalation | CVE-2018-1002105 | Other Web Server | 2 |
| SERVER-OTHER Kubernetes API Server bypass attempt | CVE-2018-1002105 | Other Web Server | 2 |
| SERVER-OTHER Microsoft Windows DHCP Server Failover Remote Code Execution | CVE-2019-0785 | Other Web Server | 4 |
| SERVER-OTHER PHP gdImageColorMatch heap buffer overflow file download attempt | CVE-2019-6977 | Other Web Server | 2 |
| SERVER-OTHER PHP LDAP ldap get dn Denial of Service IV | CVE-2018-10548 | Other Web Server | 2 |
| SERVER-OTHER PostgreSQL Database Password Change Stack Buffer Overflow | CVE-2019-10164 | Other Web Server | 2 |
| SERVER-OTHER Western Digital My Cloud authentication bypass attempt | CVE-2018-17153 | Other Web Server | 2 |
| SERVER-OTHER Xen Project XAPI Update Directory Traversal CVE-2018-14007 | CVE-2018-14007 | Other Web Server | 2 |
| SERVER-OTHER Zoho ManageEngine OpManager Business View Background Image Arbitrary File Upload | CVE-2018-18475 | Other Web Server | 2 |
| SERVER-WEBAPP Alienvault CVE-2016-8582 Unified Security Management and OSSIM gauge.php SQL Injection | CVE-2016-8582 | Web Services and Applications | 2 |
| SERVER-WEBAPP Alienvault OSSIM gauge.php value SQL injection attempt | CVE-2016-8582 | Web Services and Applications | 2 |
| SERVER-WEBAPP Cisco Adaptive Security Appliance Webvpn XML Parser Double Free CVE-2018-0101 | CVE-2018-3609 | Web Services and Applications | 2 |
| SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt | CVE-2017-11588 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt | CVE-2016-1388 | Web Services and Applications | 2 |
| SERVER-WEBAPP Cisco RV220 platform.cgi SQL injection attempt | CVE-2015-6319 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco Ultra Services Framework command injection attempt | CVE-2017-6714 | Web Services and Applications | 1 |
| SERVER-WEBAPP EMC VMAX3 CVE-2017-4997 VASA Provider UploadConfigurator Directory Traversal II | CVE-2017-4997 | Web Services and Applications | 2 |
| SERVER-WEBAPP EMC VMAX3 VASA Provider UploadConfigurator Directory Traversal (Decrypted Traffic) | CVE-2017-4997 | Web Services and Applications | 1 |
| SERVER-WEBAPP GE MDS PulseNET CVE-2018-10611 Spring Remoting HTTPInvoker Insecure Deserialization | CVE-2018-10611 | Web Services and Applications | 2 |
| SERVER-WEBAPP HPE Intelligent Management Center CVE-2017-12559 mibFileServlet file Directory Traversal | CVE-2017-12559 | Web Services and Applications | 2 |
| SERVER-WEBAPP HPE System Management Homepage buffer overflow attempt | CVE-2016-4395 | Web Services and Applications | 2 |
| SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt | CVE-2018-17246 | Other Web Server | 2 |
| SERVER-WEBAPP ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization | CVE-2016-9498 | Web Services and Applications | 1 |
| SERVER-WEBAPP Nagios XI Autodiscovery CVE-2019-9164 Job Command Injection | CVE-2019-9164 | Web Services and Applications | 2 |
| SERVER-WEBAPP Nagios XI CVE-2018-8734 database settings modification attempt | CVE-2018-8734 | Web Services and Applications | 1 |
| SERVER-WEBAPP NetGain Systems Enterprise Manager CVE-2017-16602 exec_jsp Command Execution | CVE-2017-16602 | Web Services and Applications | 2 |
| SERVER-WEBAPP Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload | CVE-2016-1524 | Web Services and Applications | 2 |
| SERVER-WEBAPP Oracle e-Business Suite HR_UTIL_DISP_WEB SQL injection attempt | CVE-2016-0517 | Web Services and Applications | 3 |
| SERVER-WEBAPP Oracle Fusion Middleware MapViewer arbitrary JSP file upload attempt | CVE-2017-3230 | Web Services and Applications | 1 |
| SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt | CVE-2017-3230 | Web Services and Applications | 1 |
| SERVER-WEBAPP Oracle Opera Property Management System ProcessInfo command injection attempt | CVE-2016-5563 | Web Services and Applications | 3 |
| SERVER-WEBAPP PHP CVE-2019-9022 dns_get_record Out of Bounds Read | CVE-2019-9022 | Web Services and Applications | 3 |
| SERVER-WEBAPP PHP unserialize function use after free memory corruption vulnerability attempt | CVE-2016-7479 | Web Services and Applications | 2 |
| SERVER-WEBAPP PMSotware Simple Web Server connection header buffer overflow attempt | | Web Services and Applications | 1 |
| SERVER-WEBAPP Quest NetVault Backup Multipart CVE-2018-1163 Request checksession Authentication Bypass | CVE-2018-1163 | Web Services and Applications | 3 |
| SERVER-WEBAPP SAP NetWeaver UDDISecurityImplBean SQL injection attempt | CVE-2016-2386 | Web Services and Applications | 2 |
| SERVER-WEBAPP Sitecore CMS default.aspx directory traversal attempt CVE-2018-7669 | CVE-2018-7669 | Web Services and Applications | 2 |
| SERVER-WEBAPP Symantec Messaging Gateway performBackupNow.do command injection attempt | CVE-2017-6326 | Web Services and Applications | 1 |
| SERVER-WEBAPP Trend Micro Control Manager CVE-2018-3602 AdHocQuery_Processor GetProductCategory SQL Injection | CVE-2018-3602 | Web Services and Applications | 2 |
| SERVER-WEBAPP Trend Micro Mobile Security CVE-2017-14078 Enterprise eas_agent_unregister slink_id SQL Injection | CVE-2017-14078 | Web Services and Applications | 2 |
| SERVER-WEBAPP Trend Micro Mobile Security Enterprise eas_agent_sync_client_info slink_id SQL Injection (Decrypted Traffic) | CVE-2017-14078 | Web Services and Applications | 1 |
| SERVER-WEBAPP Trend Micro Mobile Security Enterprise eas_agent_sync_client_info slink_id SQL Injection I | | Web Services and Applications | 2 |
| SERVER-WEBAPP Trend Micro Mobile Security Enterprise eas_agent_unregister slink_id SQL Injection (Decrypted Traffic) | CVE-2017-14078 | Web Services and Applications | 2 |
| SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt | CVE-2017-11394 | Web Services and Applications | 2 |
| SERVER-WEBAPP Trend Micro Threat Discovery Appliance admin_sys_time.cgi command injection attempt | CVE-2016-7547 | Web Services and Applications | 1 |
| SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0549 attack attempt | CVE-2018-3867 | Web Services and Applications | 4 |
| SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0567 attack attempt | | Web Services and Applications | 4 |
| SERVER-WEBAPP WordPress load-scripts.php Denial of Service | CVE-2018-6389 | Web Services and Applications | 3 |
| SERVER-WEBAPP WP_Query plugin SQL injection attempt | CVE-2017-5611 | Web Services and Applications | 1 |
| SQL Oracle e-Business Suite JTF_BISUTILITY_PUB SQL injection attempt | CVE-2016-0515 | Database Management System | 3 |
| SQL Oracle MySQL Pluggable Auth denial of service attempt | CVE-2017-3599 | Database Management System | 2 |
| | | Malware Communication | 4 |
Name: Name of the Signature
CVE–ID: CVE Identification Number - Common Vulnerabilities and Exposures (CVE) provides reference of CVE Identifiers for publicly known information security vulnerabilities.
Category: Class type according to threat
Severity: Degree of severity - The levels of severity are described in the table below:
| Severity Level | Severity Criteria |
| --- | --- |
| 1 | Low |
| 2 | Moderate |
| 3 | High |
| 4 | Critical |
Important Notice
Sophos Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.
RESTRICTED RIGHTS
©1997 - 2019 Sophos Ltd. All rights reserved.
All rights reserved. Sophos, Sophos logo are trademark of Sophos Technologies Pvt. Ltd.
Corporate Headquarters
Sophos Technologies Pvt. Ltd.
Reg. Office: Sophos House, Saigulshan Complex,
Beside White House, Panchvati Cross Road,
Ahmedabad – 380006, INDIA
Phone: +91-79-66216666
Fax: +91-79-26407640
Web site: www.sophos.com