-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sourcefire VRT Advisory
Synopsis:
The Sourcefire Vulnerability Research Team (VRT) has learned the
release of proof of concept code that demonstrates the ability to
execute code via a vulnerability in the way that Internet Explorer
handles a Javascript event.
The Sourcefire VRT has confirmed that a rule identified as sid 4647,
released on November 9, 2005, will generate events when an attempt is
made to exploit this vulnerability including use of the proof of
concept code.
Details:
A vulnerability exists in the way Internet Explorer handles the
window() function supplied to the javascript "onload" handler as a
parameter. The conditions for exploitation occur when a page is opened
in the browser that uses <body onload=window();>.
Detection:
Sourcefire VRT rule packs released on November 9, 2005 contained sid 4647
that will generate events when an attempt is made to exploit this
vulnerability, including use of the proof of concept code.
Note: Sid 4647 is NOT enabled by default, should detection for this
vulnerability be required, this rule should be enabled.
Additional References:
Microsoft Security Advisory (911302)
http://www.microsoft.com/technet/security/advisory/911302.mspx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDg4N3Mpm0ve0NhMcRAneMAJ9Ee07dVuc7CmlnG3/Wb5dGLXp49gCeN43+
yAv+0SX0/RnQ0YiRImDTUdk=
=DTsL
-----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc. Get Certified Today
Register for a JBoss Training Course. Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
