[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

research at ...435... research at ...435...
Tue Feb 24 14:07:35 EST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Snort Rules Update

Synopsis:
After additional research, the Sourcefire VRT has added improved
detection for a vulnerability affecting Adobe Acrobat and Acrobat
Reader to reduce the possibility of false positive events from
occurring.

Details:
Adobe Acrobat and Reader Buffer Overflow:
Adobe Acrobat and Adobe Acrobat Reader contain a programming error that
may allow remote attackers to execute code on a vulnerable system. The
error occurs in the processing of files that use the JBIG2 compression
routines on PDF files. This issue affects both products on Microsoft
Windows, Linux and Mac OS X platforms.

A previously released rule to detect attacks targeting this
vulnerability is included in this release and is now identified with
GID 1, SID 15358. This rule was previously identified with GID 1, SID
15356.

Also, extra rules have been added to detect malicious pdf files being
sent via email as well as a generic rule to detect any pdf files being
sent via email.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-02-24.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJpEVP8GAEVQeoGrMRAmQTAJ9c5UIutI29y1bFqXJ6JnkcegWERQCggczb
9sTMfwtTmyVg0zHM3ZYS1Dc=
=Jf1M
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list