[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

research at ...435...
Wed Oct 10 00:25:12 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of multiple vulnerabilities affecting Microsoft products.

Details:
Microsoft Security Bulletin MS07-055:
Kodak Image Viewer contains a flaw that may allow a remote attacker to execute code via a specially crafted image file.

Rules to detect attacks targeting this vulnerability are included in this release and are identified as SIDs 12631 through 12634.

Microsoft Security Bulletin MS07-056:
Microsoft Outlook Express and Windows Mail for Vista contain a programming error that may allow a remote attacker to execute code on an affected host via an NNTP server response.

A shared object rule to detect attacks targeting this vulnerability is included in this release and is identified as GID 3 SID 12636.

Microsoft Security Bulletin MS07-057:
Microsoft Internet Explorer does not correctly handle errors encountered when handling file download queues. This may allow a remote attacker to execute code on a vulnerable host.

Previously released rules identified as SIDs 10504 and 10505 will generate events on attempts to exploit this vulnerability.
Additionally, a rule to detect other attack vectors targeting this vulnerability is included in this release and is identified as SID 12630.

Microsoft Security Bulletin MS07-058:
Microsoft Windows systems using RPC may be vulnerable to a Denial of Service (DoS) condition that occurs when a malformed authentication request is transmitted to an affected host.

A rule to detect attacks targeting this vulnerability is included in this release and is identified as SID 12635.

Microsoft Security Bulletin MS07-059:
Microsoft Windows SharePoint Services and Microsoft Office SharePoint Server suffer from a programming error that may allow an attacker to execute code and escalate privileges on an affected system.

A rule to detect attacks targeting this vulnerability is included in this release and is identified as SID 12629.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2007-10-09.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)

iD8DBQFHDDQNoFlcG+k7cPwRAi7XAJ4ufKwcD2MFrph2wsJuATTK5XumIACcCIA+
5tsE2+8DgYLyp1YhrBjwKbs=
=RmGU
-----END PGP SIGNATURE-----




