[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

research at ...435... research at ...435...
Tue May 5 16:05:09 EDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of multiple vulnerabilities affecting Adobe
Reader.

Details:
Adobe Reader Code Execution (CVE-2009-1492):
The JavaScript API in Adobe Reader may allow a remote attacker to
execute code on an affected system. The problem occurs when specially
crafted JavaScript uses the getAnnots method in a PDF document.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 15493.

Adobe Reader Buffer Overflow (CVE-2009-1493):
The JavaScript API in Adobe Reader may allow a remote attacker to
execute code on an affected system. The problem occurs when specially
crafted JavaScript uses the customDictionaryOpen method in a PDF
document.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 15492.

Additionally as a result of ongoing research, the Sourcefire VRT has
added multiple rules to the exploit, specific-threats, backdoor,
multimedia and chat rule sets to provide coverage for emerging threats
from these technologies.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-05-05.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFKAIlXQcQOxItLLaMRAgi+AJ9uxpH/zn0iE8F/EWbPmFnNkPD+/QCbB/v6
ej9EJSPsiVyB75kPy5mECZo=
=MF0t
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list