[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2011-11-07

Research research at ...435...
Mon Nov 7 15:21:55 EST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of a vulnerability affecting hosts using
the Microsoft Windows operating system.

Details:
Microsoft Security Advisory (2639658):
The Microsoft Windows TrueType font parsing engine contains a
vulnerability that may allow a remote attacker to execute code on an
affected system. A succesful exploitation of this vulnerability may
allow the attacker to execute code in kernel mode. This vulnerability
is also related to the Duqu malware.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 20539.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-11-07.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFOuD3jaBoqZBVJfwMRAijNAJ4yOFdL/V2CFglhG9RPvXNFedh5aQCfTTA/
gHwQDTqtv4MaT4dFBeKy3r0=
=ARH6
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list