
| Subject: | [Snort-sigs] Sourcefire VRT Certified Rules Update |
|---|---|
| Date: | Tue, 13 Feb 2007 17:45:07 -0500 |

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire Vulnerability Research Team (VRT) is aware of multiple vulnerabilities affecting Microsoft products.

Details:
Microsoft Security Bulletin MS07-005:
Step-by-Step Interactive Training contains a remotely exploitable vulnerability that may allow an attacker to execute code on a vulnerable system.

Rules to detect attacks targeting this vulnerability were released on September 29, 2005 and are identified as SIDs 4195 and 4196.

Microsoft Security Bulletin MS07-008:
A vulnerability exists in the HTML Help ActiveX control that may allow a remote attacker to execute code on a vulnerable system.

Rules to detect attacks targeting this vulnerability were released on August 9, 2006 and are identified as SIDs 7439 and 7440.

Microsoft Security Bulletin MS07-009:
A vulnerability exists in the Microsoft Data Access Components (MDAC) ActiveX control that may allow a remote attacker to execute code on a vulnerable system.

A rule to detect attacks targeting this vulnerability was released on September 1, 2006 and is identified as SID 7866.

Microsoft Security Bulletin MS07-016:
Multiple vulnerabilities exist in Internet Explorer that may allow a remote attacker to execute code on a vulnerable system. The problems lie in how Internet Explorer handles COM objects and how the application handles FTP server responses.

Rules to detect attacks targeting this vulnerability are included in this release and are identified as SIDs 10137 through 10155.

Microsoft Security Bulletin MS07-014:
A vulnerability in Microsoft Word exists that may allow an attacker to execute code on an affected host using a specially crafted Word document.

Microsoft documents that exhibit vulnerable characteristics can be identified using the OfficeCat tool.

Microsoft Security Bulletin MS07-015:
Microsoft Excel contains a programming error that may allow an attacker to execute code on an affected host using a specially crafted Excel file.

Microsoft documents that exhibit vulnerable characteristics can be identified using the OfficeCat tool.

New rules:
10137 <-> WEB-CLIENT Microsoft Input Method Editor ActiveX clsid access (web-client.rules)
10138 <-> WEB-CLIENT Microsoft Input Method Editor ActiveX clsid unicode access (web-client.rules)
10139 <-> WEB-CLIENT Microsoft Input Method Editor ActiveX function call access (web-client.rules)
10140 <-> WEB-CLIENT Microsoft Input Method Editor 2 ActiveX clsid access (web-client.rules)
10141 <-> WEB-CLIENT Microsoft Input Method Editor 2 ActiveX clsid unicode access (web-client.rules)
10142 <-> WEB-CLIENT LexRefBilingualTextContext ActiveX clsid access (web-client.rules)
10143 <-> WEB-CLIENT LexRefBilingualTextContext ActiveX clsid unicode access (web-client.rules)
10144 <-> WEB-CLIENT LexRefBilingualTextContext ActiveX function call access (web-client.rules)
10145 <-> WEB-CLIENT HTML Inline Sound Control ActiveX clsid access (web-client.rules)
10146 <-> WEB-CLIENT HTML Inline Sound Control ActiveX clsid unicode access (web-client.rules)
10147 <-> WEB-CLIENT HTML Inline Sound Control ActiveX function call access (web-client.rules)
10148 <-> WEB-CLIENT HTML Inline Movie Control ActiveX clsid access (web-client.rules)
10149 <-> WEB-CLIENT HTML Inline Movie Control ActiveX clsid unicode access (web-client.rules)
10150 <-> WEB-CLIENT HTML Inline Movie Control ActiveX function call access (web-client.rules)
10151 <-> WEB-CLIENT BlnSetUser Proxy ActiveX clsid access (web-client.rules)
10152 <-> WEB-CLIENT BlnSetUser Proxy ActiveX clsid unicode access (web-client.rules)
10153 <-> WEB-CLIENT BlnSetUser Proxy ActiveX function call access (web-client.rules)
10154 <-> WEB-CLIENT BlnSetUser Proxy 2 ActiveX clsid access (web-client.rules)
10155 <-> WEB-CLIENT BlnSetUser Proxy 2 ActiveX clsid unicode access (web-client.rules)

Updated rules:
4195 <-> WEB-CLIENT multipacket CBO CBL CBM file transfer attempt (web-client.rules)
4196 <-> WEB-CLIENT CBO CBL CBM file transfer attempt (web-client.rules)
7439 <-> WEB-CLIENT HTML Help ActiveX clsid access (web-client.rules)
7440 <-> WEB-CLIENT HTML Help ActiveX clsid unicode access (web-client.rules)
7866 <-> WEB-CLIENT ADODB.Connection ActiveX clsid access (web-client.rules)
7867 <-> WEB-CLIENT ADODB.Connection ActiveX clsid unicode access (web-client.rules)
9640 <-> WEB-CLIENT ADODB.Connection ActiveX function call access (web-client.rules)
10132 <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules)
10133 <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules)
10136 <-> TELNET Solaris login environment variable authentication bypass attempt (telnet.rules)

_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs