[Snort-sigs] Sourcefire VRT Certified Rules Update

Sourcefire VRT research at ...435...
Thu Jul 6 18:36:54 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT is aware of a number of vulnerabilities affecting
several web browsers, including Internet Explorer and Firefox. This
rule pack contains a number of rules to detect these issues.

Details:
The Sourcefire VRT is aware of a number of vulnerabilities affecting
web browser client applications. This rule pack contains a number of
rules to address these issues.

These rules are identified as sids 7003 through 7018.

New rules:
7003 - WEB-CLIENT ADODB.Recordset ActiveX function call access
(web-client.rules)
7004 - WEB-CLIENT Internet.HHCtrl.1 ActiveX function call access
(web-client.rules)
7005 - WEB-CLIENT OutlookExpress.AddressBook ActiveX function call
access (web-client.rules)
7006 - WEB-CLIENT ASControls.InstallEngineCtl ActiveX function call
access (web-client.rules)
7007 - WEB-CLIENT AxDebugger.Document.1 ActiveX function call access
(web-client.rules)
7008 - WEB-CLIENT DirectAnimation.DAUserData ActiveX function call
access (web-client.rules)
7009 - WEB-CLIENT DirectAnimation.StructuredGraphicsControl ActiveX
function call access (web-client.rules)
7010 - WEB-CLIENT HtmlDlgSafeHelper.HtmlDlgSafeHelper.1 ActiveX
function call access (web-client.rules)
7011 - WEB-CLIENT HtmlDlgSafeHelper.HtmlDlgSafeHelper ActiveX function
call access (web-client.rules)
7012 - WEB-CLIENT Internet.PopupMenu.1 ActiveX function call access
(web-client.rules)
7013 - WEB-CLIENT Microsoft.ISCatAdm ActiveX function call access
(web-client.rules)
7014 - WEB-CLIENT NMSA.ASFSourceMediaDescription.1 ActiveX function
call access (web-client.rules)
7015 - WEB-CLIENT NMSA.MediaDescription ActiveX function call access
(web-client.rules)
7016 - WEB-CLIENT Object.Microsoft.DXTFilter ActiveX function call
access (web-client.rules)
7017 - WEB-CLIENT RDS.DataControl ActiveX function call access
(web-client.rules)
7018 - WEB-CLIENT Sysmon ActiveX function call access
(web-client.rules)

Updated rules:
~ 580 - RPC portmap nisd request UDP (rpc.rules)
~ 824 - WEB-CGI php.cgi access (web-cgi.rules)
1951 - RPC mountd TCP mount request (rpc.rules)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFErZCGMpm0ve0NhMcRAqHfAJ9DtbKa1+dTYmxOB2Kd71N1iNi7WgCghY5M
rRLZPMl07XrD2UuHwI29IzA=
=cxWv
-----END PGP SIGNATURE-----



