[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2010-11-04

Research research at ...435...
Thu Nov 4 15:36:04 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of vulnerabilities affecting Microsoft
Internet Explorer and ProFTP.

Details:
Microsoft Security Advisory (CVE-2010-3962):
Microsoft Internet Explorer contains a programming error that may allow
a remote attacker to execute code on a vulnerable system. The error
occurs when the application attempts to access an invalid flag
reference after an object is deleted.

A rule to detect attacks targeting this issue is included in this
release and is identified with GID 3, SID 18062.

ProFTP Remote Code Execution (CVE-2010-3867):
ProFTP contains a programming error that may allow a remote attacker to
execute code on an affected system.

The FTP-Telnet preprocessor will detect attacks targeting this issue
with GID 125 SID 1.

Additionally, multiple rules have been added to the spyware-put,
specific-threats, blacklist and phishing-spam rule sets to provide
coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2010-11-04.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFM0weEQcQOxItLLaMRAtWwAJ4g70VXCyVM0SPli3tXPoK1FkXOCgCgjUZB
VI0yVSQWvI7oOznygmEjnzU=
=3DbS
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list