[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

Sourcefire VRT research at ...435...
Tue Oct 13 18:26:54 EDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of multiple vulnerabilities affecting
products from Microsoft and Adobe.

Details:
Microsoft Security Advisory (MS09-050):
A vulnerability in the way that Microsoft Windows systems process
SMBv2.0 transactions may allow a remote attacker to execute code on a
vulnerable system.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 16168.

Additionally, a previously released rule to detect attacks targeting
this issue has been updated with the appropriate reference information
and is included in this release as GID 1, SID 15930.

Microsoft Security Advisory (MS09-051):
A vulnerability in Windows Media Runtime may allow a remote attacker to
execute code on a vulnerable system.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 3, SIDs 16157 and 16158.

Microsoft Security Advisory (MS09-052):
A vulnerability in the Windows Media Player may allow a remote attacker
to execute code on an affected system.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 16156.

Microsoft Security Advisory (MS09-053):
A vulnerability in the FTP service for Microsoft Internet Information
Services may allow a remote attacker to execute code on an affected
system.

Previously released rules to detect attacks targeting this issue have
been updated with the appropriate reference information and are
included in this release. They are identified with GID 1, SIDs 1973,
2374 and 15932.

Microsoft Security Advisory (MS09-054):
Microsoft Internet Explorer contains programming errors that may allow
a remote attacker to execute code on an affected system.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 3, SIDs 16149 through 16152.

Microsoft Security Advisory (MS09-055):
A vulnerability in the way that ActiveX controls are handled may allow
a remote attacker to execute code on a vulnerable system.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 16159 through 16166.

Microsoft Security Advisory (MS09-056):
A vulnerability in the way that SSL certificates are handled by the
Microsoft CryptAPI may allow a remote attacker to spoof a genuine
certificate.

Rules to detect attacks targeting this issue are included in this
release and are identified with GID 3, SIDs 16180 and 16181.

Microsoft Security Advisory (MS09-057):
A vulnerability in the Internet Explorer indexing service may allow a
remote attacker to execute code on an affected system.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 16155.

Microsoft Security Advisory (MS09-059):
A vulnerability in the Microsoft Local Security Authority Subsystem
Service (LSASS) may allow a remote attacker to cause a Denial of
Service (Dos) against an affected system.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 16167.

Microsoft Security Advisory (MS09-060):
Multiple vulnerabilities in the Microsoft Active Template Library (ATL)
ActiveX controls for Microsoft Office may allow a remote attacker to
execute code on an affected system.

Previously released rules to detect attacks targeting this issue have
been updated with the appropriate reference information and are
included in this release as GID 1, SIDs 15638, 15639, 15670, 15671,
15904 and 15905.

Microsoft Security Advisory (MS09-061):
Multiple vulnerabilities in the Microsoft .NET Common Language Runtime
may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 3, SIDs 16179, 16182 and
16183.

Microsoft Security Advisory (MS09-062):
Multiple vulnerabilities in Microsoft GDI+ may allow a remote attacker
to execute code on an affected system.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 3, SIDs 16153, 16154, 16177,
16178 and 16184 through 16186.

Additionally, previously released rules that also detect attacks
targeting these vulnerabilities have been updated with the appropriate
reference information and are included in this release, identified with
GID 3, SID 13878 and GID 1, SID 6700.

Adobe Vulnerabilities:
Multiple products from Adobe corporation contain vulnerabilities that
may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 3, SIDs 16172 through 16176.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-10-13.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFK1OIIQcQOxItLLaMRAnDDAJ9yql8l8E3zUhm6jNCtHS9k4HpaKwCgiCcq
RyI95So7Z0FFBbm9eoEl3+A=
=4PS1
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list