DV 8335 update

*********************************************************

SYSTEM REQUIREMENTS:

The 2.5.2 DV will run on the 2.5.2 TOS to the 3.1.x TOS.

The 3.2.0 DV will run on the 3.2.0 TOS and above.

*********************************************************

New Filters

----------------

    

12321: HTTP: Tinba Trojan Communication Attempt

    Category: Exploits

    Description:            

     This filter will detect communication attempts to a Command

     and Control server by a host infected with the Tinba Trojan.

    Use of RECOMMEND action as category setting will cause this filter to be:

     Enabled with the "block+notify" action set in default deployments.

12411: Backdoor: Packed Web Shell by Orb (WSO)

    Category: Exploits

    Description:            

     This filter detects the transfer of a packed Web Shell by Orb

     (WSO) script.

    Use of RECOMMEND action as category setting will cause this filter to be:

     Enabled with the "block+notify" action set in default deployments.

12452: RTMP: Adobe Flash Player RTMP Error Message Object Type Confusion

    Category: Vulnerabilities

    CVE: 2012-0779, 

    Description:            

     This filter detects a malicious Real Time Message Protocol media

     stream.

    Use of RECOMMEND action as category setting will cause this filter to be:

     Enabled with the "block+notify" action set in default deployments.

12454: HTTP: Apple QuickTime MOV File JVTCompEncodeFrame Buffer Overflow

    Category: Vulnerabilities

    CVE: 2007-2295, 

    BID: 23650, 

    Description:            

     This filter detects an attempt to exploit a buffer overflow

     in vulnerable installations of Apple QuickTime.

    Use of RECOMMEND action as category setting will cause this filter to be:

     Enabled with the "block+notify" action set in default deployments.

12455: TCP: HP StorageWorks File Migration Agent Buffer Overflow (ZDI-12-126)

    Category: Vulnerabilities

    Description:            

     This filter detects an attempt to exploit a buffer overflow

     vulnerability in HP StorageWorks File Migration Agent.

    Use of RECOMMEND action as category setting will cause this filter to be:

     Enabled with the "block+notify" action set in aggressive deployments.

12456: HTTP: Apple QuickTime PICT Image Memory Corruption Vulnerability

    Category: Vulnerabilities

    CVE: 2007-4676, 

    BID: 26345, 

    Description:            

     This filter detects an attempt to exploit a memory corruption

     vulnerability in vulnerable installations of Apple QuickTime.

    Use of RECOMMEND action as category setting will cause this filter to be:

     Enabled with the "block+notify" action set in default deployments.

Modified Filters

----------------

8391: HTTP: Malformed Windows Media File Vulnerability

12232: HTTP: Microsoft Windows Common Controls Buffer Overflow

12395: HTTP: Microsoft XML Core Services Remote Code Execution Vulnerability