[Snort-sigs] SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt

Charlie Dyer charlierwdyer at ...2420...
Fri Jan 20 12:07:48 EST 2017


Hi list

The number of false positives these two rules produce is huge!
Has anyone else seen the same or amended the rule to be a bit more specific
to the exploit, i.e. user agent is Acrobat Reader or something so it's a bit
more specific?

Any thoughts gratefully received

Charlie