Trend Micro Security
  Rule Update

15-018 (June 23, 2015)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For File Sharing
1004707* - Application Control For Dropbox

Application Control For Web Media
1002451* - Application Control For YouTube

1006793 - Elasticsearch Groovy Search Sandbox Bypass Vulnerability

FTP Server ProFTPD
1006743 - ProFTPD Remote Command Execution Vulnerability (CVE-2015-3306)

LDAP Client
1006785 - Identified LDAP BindRequest Using NTLM Authentication Mechanism

Microsoft Office
1006370* - Microsoft Word Use After Free Remote Code Execution Vulnerability (CVE-2014-6357)

1006655 - OpenSSL ASN_TYPE_cmp Segmentation Fault Vulnerability (CVE-2015-0286)

OpenSSL Client
1006546* - OpenSSL ECDHE Downgrade Vulnerability (CVE-2014-3572)

Suspicious Server Application Activity
1006560 - Identified Microsoft SQL Server Resolution Service Distributed Denial Of Service Attack

Universal Plug And Play Service
1006746 - Detected Too Many SSDP Traffic Amplification Requests

Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1000608* - Generic SQL Injection Prevention

Web Application PHP Based
1006794 - PHP 'main/rfc1867.c' Remote Denial Of Service Vulnerability

Web Application Tomcat
1001074* - Apache Tomcat Cookie Handling Session ID Disclosure

Web Client Common
1006299* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0558)
1006530* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0582)
1006353* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0584)
1006398* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0585)
1006449* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0590)
1006365* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-8440)
1006646* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0359)
1006657* - Adobe Flash Player Remote Integer Overflow Vulnerability (CVE-2014-0569) - 2
1006468* - Adobe Flash Player Unspecified Vulnerability (CVE-2015-0313)
1006512* - Adobe Flash Player Use After Free Remote Code Execution Vulnerability (CVE-2015-0315)
1006787 - Adobe Font Driver Denial Of Service Vulnerability (CVE-2015-0074)
1006550* - Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0090)
1006421* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-8457)
1006418* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-8458)
1006420* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-9159)
1006598* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over HTTP (CVE-2015-0096)
1006549* - OpenType Font Parsing Vulnerabilities

Web Client Internet Explorer
1006807 - Microsoft Internet Explorer ASLR Bypass Using MemoryProtection Vulnerability
1006790 - Microsoft Internet Explorer Memory Access Violation Vulnerability
1006758* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1744)
1006759* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1745)
1006760* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1747)
1006789 - Microsoft Internet Explorer MemoryProtector ASLR Bypass Vulnerability
1006783 - Microsoft Internet Explorer Null Pointer Denial Of Service Vulnerability
1006809 - Microsoft Internet Explorer Type Confusion Using Isolated Heap Vulnerability
1006665* - Microsoft Internet Explorer VBScript ASLR Bypass (CVE-2015-1686)

Web Client Mozilla Firefox
1003324* - Mozilla Firefox URI Invisible Control Characters Incorrect Decoding

Web Client SSL
1005040* - Identified Revoked Certificate Authority In SSL Traffic

Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request
1006386 - PHP 'unserialize()' Integer Overflow Vulnerability (CVE-2014-3669)

Web Server Miscellaneous
1006744 - Jetty Httpd HttpParser Memory Information Disclosure Vulnerability (CVE-2015-2080)

Windows Services RPC Client
1006784 - Identified Windows Group Policy Files Downloaded From Untrusted Sources
1003980* - SMB Client Race Condition Vulnerability

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.