[Snort-sigs] Sourcefire VRT Certified Rules Update

Sourcefire VRT research at ...435...
Fri Feb 17 12:28:02 EST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT has continued research into the recently announced
vulnerabilities in Microsoft products. Additional detection has been
added in this rule pack for MS06-005 and MS06-004.


Details:
Microsoft Security Bulletin MS06-005

The Microsoft Media Player plugin is subject to a buffer overflow condition
when handling embedded media in web pages. The plugin is used in
Mozilla browsers on hosts using the Microsoft Windows operating system.

A rule to detect attacks targeting this vulnerability is included in
this update and is identified as sid 5712.

Microsoft Security Bulletin MS06-004

Microsoft Internet Explorer does not properly process Windows Metafile
(WMF) images. An invalid size field in the header section of a WMF
image may allow an attacker to exploit an integer overflow condition
and execute code of their choosing on an affected host.

A rule to detect attacks targeting this vulnerability is included in
this update and is identified as sid 5713.



Updated rules:
5710 - WEB-CLIENT Windows Media Player Plugin for Non-IE browsers
buffer overflow attempt (web-client.rules)

New rules:
5708 - POLICY HTML File upload attempt (policy.rules)
5712 - WEB-CLIENT Windows Media Player invalid data offset bitmap heap
overflow attempt (web-client.rules)
5713 - WEB-CLIENT Windows Metafile invalid header size integer overflow
(web-client.rules)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFD9jGuMpm0ve0NhMcRApKMAJwPmfl5At5ClnbqNpXYcT2hxVV4VACfVXAB
gKsWMTR55VpbzvEcfbQOZBY=
=HCCY
-----END PGP SIGNATURE-----
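
The MS06-004 description above turns on a size field in the WMF header that does not match the data. The following is an added example for file triage, not part of the original announcement and not the logic of sid 5713: it parses the WMF META_HEADER and reports size fields that contradict the bytes actually present. The field layout comes from the public WMF format; the announcement does not say which field the rule inspects, and `check_wmf_header` and `build_sample` are hypothetical names.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7              # optional 22-byte placeable prefix
META_HEADER = struct.Struct("<HHHIHIH")   # Type, HeaderSize, Version, Size,
                                          # NumberOfObjects, MaxRecord, NumberOfMembers
HEADER_WORDS = META_HEADER.size // 2      # the header is 9 16-bit words


def check_wmf_header(data: bytes) -> list:
    """Return findings for header fields that contradict the data present."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_MAGIC:
        off = 22                          # skip the placeable prefix
    if len(data) < off + META_HEADER.size:
        return ["truncated: no complete META_HEADER"]
    mtype, hdr_words, version, size_words, _, max_rec, _ = \
        META_HEADER.unpack_from(data, off)
    present_words = (len(data) - off) // 2
    findings = []
    if mtype not in (1, 2):               # memory or disk metafile
        findings.append(f"unknown Type 0x{mtype:04x}")
    if version not in (0x0100, 0x0300):
        findings.append(f"unknown Version 0x{version:04x}")
    if hdr_words != HEADER_WORDS:
        findings.append(f"HeaderSize is {hdr_words} words, expected {HEADER_WORDS}")
    if size_words < HEADER_WORDS:
        findings.append(f"Size ({size_words} words) is smaller than the header")
    elif size_words > present_words:
        findings.append(f"Size claims {size_words} words, only {present_words} present")
    if max_rec > size_words:
        findings.append(f"MaxRecord ({max_rec}) exceeds Size ({size_words})")
    return findings


def build_sample(hdr_words=HEADER_WORDS, size_words=12) -> bytes:
    """Constructed sample: header plus one end-of-file record (3 words)."""
    eof = struct.pack("<IH", 3, 0x0000)
    return META_HEADER.pack(1, hdr_words, 0x0300, size_words, 0, 3, 0) + eof


if __name__ == "__main__":
    samples = {"consistent": build_sample(),
               "bad HeaderSize": build_sample(hdr_words=0xFFFF),
               "bad Size": build_sample(size_words=0xFFFFFFFF)}
    for label, blob in samples.items():
        print(label, "->", check_wmf_header(blob) or "ok")
```

Only a `Size` larger than the data is treated as inconsistent, since some writers leave trailing bytes after the last record.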



