[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

research at ...435...
Wed Aug 1 14:44:50 EDT 2007



Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of a vulnerability affecting hosts using Microsoft Excel. This release also includes additions to the spyware-put and backdoor rule categories.

Details:
Microsoft Security Bulletin MS07-036:
A memory corruption vulnerability exists in the way Microsoft Excel processes files. The vulnerability is a result of insufficient data validation while processing the Version field in a BOF record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

A rule to detect attacks targeting this vulnerability is included in this release and is identified as SID 12184.

In addition, as a result of ongoing research, the VRT has added rules to the backdoor and spyware-put rule categories.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2007-08-01.html

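The kind of BOF Version-field validation the Details section says was missing, sketched as an added defensive example; it is not part of the VRT advisory and is not the logic of SID 12184. Assumptions: the input is the Workbook stream already extracted from the OLE2 container, only BIFF5 (0x0500) and BIFF8 (0x0600) BOF records are accepted, and the sample streams are constructed.

```python
import struct

BOF = 0x0809  # BOF record type in BIFF5/BIFF8 streams
EOF = 0x000A  # EOF record type
# Assumption: accepted BOF version -> expected BOF body length in bytes
EXPECTED_BOF = {0x0500: 8, 0x0600: 16}

def iter_records(stream):
    """Yield (offset, type, body) for each BIFF record; raise on truncation."""
    pos = 0
    while pos < len(stream):
        if pos + 4 > len(stream):
            raise ValueError(f"truncated record header at offset {pos}")
        rtype, rlen = struct.unpack_from("<HH", stream, pos)
        body = stream[pos + 4 : pos + 4 + rlen]
        if len(body) != rlen:
            raise ValueError(f"record at offset {pos} claims {rlen} bytes, {len(body)} present")
        yield pos, rtype, body
        pos += 4 + rlen

def check_bof_versions(stream):
    """Return (offset, reason) for every BOF record that fails validation."""
    findings = []
    for offset, rtype, body in iter_records(stream):
        if rtype != BOF:
            continue
        if len(body) < 2:
            findings.append((offset, "BOF body too short to hold a version field"))
            continue
        (version,) = struct.unpack_from("<H", body, 0)
        if version not in EXPECTED_BOF:
            findings.append((offset, f"unexpected BOF version 0x{version:04x}"))
        elif len(body) != EXPECTED_BOF[version]:
            findings.append((offset, f"BOF length {len(body)} does not match version 0x{version:04x}"))
    return findings

def record(rtype, body):
    """Build one BIFF record: little-endian type, length, then the body."""
    return struct.pack("<HH", rtype, len(body)) + body

# Constructed sample streams (not taken from any real file); 0x0601 is an arbitrary
# out-of-list value chosen only to exercise the check.
GOOD = record(BOF, struct.pack("<HHHHII", 0x0600, 0x0005, 0x0DBB, 0x07CC, 0, 0x0306)) + record(EOF, b"")
ODD = record(BOF, struct.pack("<HHHHII", 0x0601, 0x0010, 0x0DBB, 0x07CC, 0, 0x0306)) + record(EOF, b"")

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("ODD", ODD)):
        print(name, check_bof_versions(sample))
```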




