[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

research at ...435... research at ...435...
Tue Apr 14 16:19:50 EDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of multiple vulnerabilities affecting
Microsoft products.

Details:
Microsoft Security Advisory MS09-009:
A programming error in Microsoft Excel may allow a remote attacker to
execute code on a vulnerable system via a specially crafted XLS file.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 15465.

A previously released rule identified with GID 3, SID 15365 will also
detect attacks targeting this vulnerability.

Microsoft Security Advisory MS09-010:
Multiple vulnerabilities in Microsoft Wordpad may allow a remote
attacker to execute code on a vulnerable system via a malformed file.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 3, SIDs 15466,15467,15469 and
15455.

Microsoft Security Advisory MS09-011:
A programming error in Microsoft DirectShow may allow a remote attacker
to execute code on a vulnerable system via a specially crafted file.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 15457.

Microsoft Security Advisory MS09-012:
A programming error in the Microsoft network service may allow a remote
attacker to escalate privileges on a vulnerable system.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 15470.

Microsoft Security Advisory MS09-013:
A vulnerability in Microsoft WinHTTP may allow a remote attacker to
execute code on a vulnerable system. Additionally, a remote attacker
may be able to supply an invalid SSL/TLS certificate to the service and
impersonate a legitimate web service.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 3, SIDs 15456 and 15462.

Additionally, a previously released rule identified with GID 3, SID
15124 will also detect attacks targeting these vulnerabilities.

Microsoft Security Advisory MS09-014:
Multiple vulnerabilities in Microsoft Internet Explorer may allow a
remote attacker to execute code on a vulnerable system.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 3, SIDs 15458,15459,15460 and
15461.

Additionally, a previously released rule identified with GID 3, SID
15124 will also detect attacks targeting these vulnerabilities.

Microsoft Security Advisory MS09-015:
A vulnerability in the Microsoft SearchPath function may be exploited
by a remote attacker should the target system be using the Apple Safari
browser.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 15468.

Microsoft Security Advisory MS09-016:
Multiple vulnerabilities in the Microsoft Internet Security and
Acceleration (ISA) server may allow a remote attacker to cause a Denial
of Service (DoS) or execute a cross-site scripting attack.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 3, SIDs 15474 and 15475.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-04-14.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJ5M+7QcQOxItLLaMRAqRWAJoDdURpORHwSfFxzUd/XZuVFjLNXQCghUKm
yNgA/GQDuh/U+2trf93qins=
=X2TY
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list