[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

Michael Scheidell scheidell at ...249...
Tue Apr 14 18:48:51 EDT 2009


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Sourcefire VRT Certified Snort Rules Update
> 
> Synopsis:
> The Sourcefire VRT is aware of multiple vulnerabilities affecting
> Microsoft products.
> 
> Details:
> Microsoft Security Advisory MS09-009:
> A programming error in Microsoft Excel may allow a remote attacker to
> execute code on a vulnerable system via a specially crafted XLS file.
> 
> A rule to detect attacks targeting this vulnerability is included in
> this release and is identified with GID 3, SID 15465.
> 
> A previously released rule identified with GID 3, SID 15365 will also
> detect attacks targeting this vulnerability.
> 
> Microsoft Security Advisory MS09-010:
> Multiple vulnerabilities in Microsoft Wordpad may allow a remote
> attacker to execute code on a vulnerable system via a malformed file.
> 
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 3, SIDs 15466,15467,15469 and
> 15455.
> 
> Microsoft Security Advisory MS09-011:
> A programming error in Microsoft DirectShow may allow a remote attacker
> to execute code on a vulnerable system via a specially crafted file.
> 
> A rule to detect attacks targeting this vulnerability is included in
> this release and is identified with GID 3, SID 15457.
> 
> Microsoft Security Advisory MS09-012:
> A programming error in the Microsoft network service may allow a remote
> attacker to escalate privileges on a vulnerable system.
> 
> A rule to detect attacks targeting this vulnerability is included in
> this release and is identified with GID 3, SID 15470.
> 
> Microsoft Security Advisory MS09-013:
> A vulnerability in Microsoft WinHTTP may allow a remote attacker to
> execute code on a vulnerable system. Additionally, a remote attacker
> may be able to supply an invalid SSL/TLS certificate to the service and
> impersonate a legitimate web service.
> 
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 3, SIDs 15456 and 15462.
> 
> Additionally, a previously released rule identified with GID 3, SID
> 15124 will also detect attacks targeting these vulnerabilities.
> 
> Microsoft Security Advisory MS09-014:
> Multiple vulnerabilities in Microsoft Internet Explorer may allow a
> remote attacker to execute code on a vulnerable system.
> 
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 3, SIDs 15458,15459,15460 and
> 15461.
> 
> Additionally, a previously released rule identified with GID 3, SID
> 15124 will also detect attacks targeting these vulnerabilities.
> 
> Microsoft Security Advisory MS09-015:
> A vulnerability in the Microsoft SearchPath function may be exploited
> by a remote attacker should the target system be using the Apple Safari
> browser.
> 
> A rule to detect attacks targeting this vulnerability is included in
> this release and is identified with GID 3, SID 15468.
> 
> Microsoft Security Advisory MS09-016:
> Multiple vulnerabilities in the Microsoft Internet Security and
> Acceleration (ISA) server may allow a remote attacker to cause a Denial
> of Service (DoS) or execute a cross-site scripting attack.
> 
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 3, SIDs 15474 and 15475.
> 
> For a complete list of new and modified rules please see:
> 
> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-04-14.html

get: oink, the page you requested doesn't exist yet.
(and I got bugs with udp rules that check flow:)


-- 
Michael Scheidell, CTO
>|SECNAP Network Security
Finalist 2009 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer


_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________




More information about the Snort-sigs mailing list