[Snort-sigs] SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt

Nick Randolph drandolph at ...435...
Fri Jan 20 12:09:37 EST 2017


Yes, we are working on it now.

On Fri, Jan 20, 2017 at 12:07 PM, Charlie Dyer <charlierwdyer at ...2420...>
wrote:

> Hi list
>
> The number of false positives these two rules produce is huge!
> Has anyone else seen the same or amended the rule to be a bit more
> specific to the exploit, i.e. user agent is Acrobat Reader or something so
> it's a bit more specific?
>
> Any thoughts gratefully received
>
> Charlie
>



-- 

Nick Randolph
Research Engineer
Sourcefire, Inc.
nrandolph at ...435...
Sourcefire.com <http://www.sourcefire.com/>