Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISSForum] G100 and Zero-Day Word Vulnerability

from [Matthew A Durfee] Network Security [Permanent Link]
Subject: [ISSForum] G100 and Zero-Day Word Vulnerability
Date: Fri, 2 Mar 2007 10:01:18 -0500 
Ok, here is my issue.  We are trying to block the Microsoft word "Office" 
vulnerability with our G100.  ISS sent out an update on 2/16 that should stop 
this Vulnerability from entering out network.  The signatures are as follows:
 
CompoundFile_Office_Document_CodeExec
CompoundFile_Word_Code_Exec
 
I have these both enabled on the G100 and set to block.  I have gone out and 
found the vulnerability on the web and did some penetration testing myself.  
However, in my testing I could not get those to signatures to fire.  Has anyone 
tested for this vulnerability and had the signatures fire off correctly??  If 
so,  I need to find out what I'm doing wrong.

Matt

 

CONFIDENTIALITY NOTICE:
This email message, including any attachments, is for the designated
recipients(s) only and may contain confidential and privileged information.
Any unauthorized review, use, disclosure, copying, distribution or the
taking of any action because of this information is prohibited.
If you have received it in error, please notify the sender immediately
and delete the original.
_______________________________________________
ISSForum mailing list
ISSForum@atla-mm1.iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISSForum] G100 and Zero-Day Word Vulnerability, Matthew A Durfee <=
Previous by Date:  Re: [ISSForum] Cannot get master status on network sensor, Soldatov, Sergey V.
Next by Date:  [ISSForum] HTML_UTF8_Overflow tuning, Soldatov, Sergey V.
Previous by Thread:  [ISSForum] Cannot get master status on network sensor, Javier Reyna Padilla
Next by Thread:  [ISSForum] HTML_UTF8_Overflow tuning, Soldatov, Sergey V.
Indexes:  [Date] [Thread] [Top] [All Lists]