[Snort-sigs] Sourcefire VRT Certified Rules Update

Matthew Watchinski mwatchinski at ...435...
Fri Jul 8 14:47:10 EDT 2005

Sourcefire VRT Certified Rules Update
The Sourcefire Vulnerability Research Team (VRT) has learned of a
serious vulnerability affecting Internet Explorer.
Internet Explorer does not properly handle a COM object known as
javaprxy.dll that is installed on hosts that run Microsoft Java
Machine. When this COM object is invoked through a web page, the
contents of the web page are copied to shared memory on the client
host. When the web page contains a large amount of data, a buffer
overflow can occur.
A Rule to detect attacks against this vulnerability is included in this
rule pack and is identified as sid 3814.

New rules:
3814 - WEB-CLIENT IE javaprxy.dll COM access (web-client.rules)
Updated rules:
3148 - WEB-CLIENT winhelp clsid attempt (web-client.rules)

Matthew Watchinski
Director, Vulnerability Research
Sourcefire, Inc.

More information about the Snort-sigs mailing list