[Snort-users] GDI exploit signatures

Baker, Craig Craig.Baker at ...12516...
Tue Oct 5 23:26:04 EDT 2004


There has been limited feedback/discussion on the GDI vulnerability/exploits
and associated signatures. The signatures provided by the ISC handlers
register many alerts, but the ones I've investigated appear to be false
positives. I just wondered if anyone has had any success with other GDI
detection rules or what the consensus seems to be on the number of exploits
in the wild. The following link has some exploit code listed on the site,
but I'm not sure if this has been widely distributed or not. Any feedback is
appreciated. This will be a major problem and I hope to be prepared with
some early detection prior to the all-out-assault that might be imminent.

The exploit code appears at:

http://vdb.dragonsoft.com.tw/exploit/msJPEGParsingVulnHighT1mes.c

Regards,

CB



