[Snort-sigs] Sourcefire VRT Certified Rules Update

Sourcefire VRT research at ...435...
Tue Jan 9 13:42:38 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire Vulnerability Research Team (VRT) has discovered a
serious vulnerability affecting Microsoft Outlook and is aware of a
vulnerability affecting Adobe Acrobat Reader.


Details:
Microsoft Security Bulletin MS07-003:
The Sourcefire VRT has discovered a remotely exploitable vulnerability
in Microsoft Outlook when it is used to process iCal calendar requests.
iCal files may be used in meeting requests and can be sent to
recipients using email. Included in an iCal request is time zone data
that is used on the system to automatically populate the calendar in
Outlook with the contents of the file.

An error in the processing of time zone data in a VEVENT record of an
iCal file may allow a remote attacker to execute arbitrary code on a
vulnerable system with the privileges of the current user. This may
lead to the complete compromise of an affected host.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified as SID 9841.

Adobe Acrobat Reader Plugin CVE-2007-0046:
The Adobe Acrobat Reader Plugin does not correctly process
user-supplied input in the parameters supplied to a URI. This may allow
a remote attacker to execute arbitrary code on an affected system.

Rules to detect attacks targeting this vulnerability are included in
this release and are identifed as SIDs 9842 and 9843.


New rules:
9841 <-> SMTP Microsoft Outlook VEVENT overflow attempt (smtp.rules)
9842 <-> WEB-CLIENT Adobe Acrobat Plugin Universal cross-site scripting
attempt (web-client.rules)
9843 <-> WEB-CLIENT Adobe Acrobat Plugin JavaScript parameter double
free attempt (web-client.rules)

Updated rules:
4647 <-> WEB-CLIENT internet explorer javascript onload overflow
attempt (web-client.rules)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFFo+IeMpm0ve0NhMcRAgD+AJwOw/oetF8UQsJxjJLxaQ+jcy4NcQCeOCif
0YEc+1oGSYnHlKRqcGI51Cs=
=OyHJ
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list