[Snort-sigs] New adobe vulnerability
matt at ...2436...
Wed Aug 18 09:06:10 EDT 2004
Just put this rule up on the bleedingsnort.com set for the new adobe
exploit detailed here:
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE
Adobe Acrobat Reader Malicious URL Null Byte";
uricontent:".pdf%00"; classtype:web-attack; sid:2002001; rev:1;)
I'm posting this because this just seems far too simple. I have to be
missing something. This look right to everyone?
More information about the Snort-sigs