[Snort-sigs] Crusoe Researches offer new rule for detecting IE html Style crashie vulnerability

rmkml rmkml at ...324...
Fri Feb 29 04:04:11 EST 2008


and exceptionnaly, Crusoe Researches temporarily publish exploit for remote testing your idps solution ... :
  http://www.Crusoe-Researches.com/iecrash.html
Another vulnerability (and rules for detect and blocking) is available Commercially ...
If your existing proxy/ids/ips/hids solution not detect/block: contact me ...
Regards
Rmkml

On Fri, 29 Feb 2008, rmkml wrote:

> Date: Fri, 29 Feb 2008 09:27:00 +0100 (CET)
> From: rmkml <rmkml at ...324...>
> To: Snort-sigs at lists.sourceforge.net
> Cc: contact at ...3281...
> Subject: [Snort-sigs] Crusoe Researches offer new rule for detecting IE html
>     Style crashie vulnerability
> 
> Hi,
>
> Crusoe Researches offering a new rule for detecting IE html Style crashie vulnerability (related to ICQ):
>
> http://www.Crusoe-Researches.com/en/iehtmlstylecrashievulnerability.txt
>
> Credits:
> Crusoe Researches
> http://www.Crusoe-Researches.com
> contact at ...3281...
> => Crusoe Researches have more than 2626 UNIQ 'snort' rules for Commercial Access
>         (Contact me directly if you are interested)
>
> Crusoe Researches support Bro idps project format rules (http://www.bro-ids.org/):
> signature sid-92626 {
>   ip-proto == tcp
>   event "WEB-CLIENT IE html style * position relative DoS attempt"
>   tcp-state established,responder
>   payload /.*\<[sS][tT][yY][lL][eE][^a-zA-Z0-9](.){0,10}*(.){0,15}[pP][oO][sS][iI][tT][iI][oO][nN](.){0,15}[rR][eE][lL][aA][tT][iI][vV][eE](.){0,15}<\/style/
>   }
>
>
> Azwalaro new nidps open source project (WireShark based)
>  http://www.Crusoe-Researches.com/azwalaro/
>  azwalaro at ...3281...
> http matches "(?i)<style[^a-z0-9](.){0,10}\\*(.){0,15}position(.){0,15}relative(.){0,15}</style"
>
> Regards
> Rmkml
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>




More information about the Snort-sigs mailing list