[Snort-sigs] duplicate rules (16412 and 16413) ?

Rodrigo Montoro(Sp0oKeR) spooker at ...2420...
Thu Jun 17 08:19:01 EDT 2010


It's not the same (differents CVE's)

16412 TextByteAtom

http://www.snortid.com/snortid.asp?QueryId=16412
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0033

16413 TextCharsAtom

http://www.snortid.com/snortid.asp?QueryId=16413
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0034

Regards,

On Thu, Jun 17, 2010 at 7:32 AM, Nerijus Krukauskas
<nkrukauskas at ...2420...> wrote:
> Are these two the duplicates of each other? OK, I admit I haven't
> looked into the code (both are SO rules, and heck I've no idea if the
> source _is_ available). But the message is the same and references
> too. And they fire in sync.
>
> WEB-CLIENT Microsoft PowerPoint invalid TextByteAtom remote code
> execution attempt [sid 16412]
> WEB-CLIENT Microsoft PowerPoint invalid TextCharsAtom remote code
> execution attempt [sid 16413]
>
> --
> http://nk99.org/
>
> ------------------------------------------------------------------------------
> ThinkGeek and WIRED's GeekDad team up for the Ultimate
> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
> lucky parental unit.  See the prize list and enter to win:
> http://p.sf.net/sfu/thinkgeek-promo
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>



-- 
Rodrigo Montoro (Sp0oKeR)
http://www.spooker.com.br
http://www.twitter.com/spookerlabs
http://www.linkedin.com/in/spooker




More information about the Snort-sigs mailing list