[***] Results from Oinkmaster started Fri Feb 15 17:00:08 2008 [***]
[+++] Added rules: [+++]
2007850 - ET EXPLOIT Move Networks Media Player QMPUpgrade.dll ActiveX Control
Buffer Overflow Vulnerability (bleeding-exploit.rules)
2007851 - ET EXPLOIT Citrix Presentation Server Client WFICA.OCX ActiveX
Component Heap Buffer Overflow Exploit (bleeding-exploit.rules)
2007852 - ET EXPLOIT Gateway Weblaunch2.ocx ActiveX Control Insecure Method
Exploit (bleeding-exploit.rules)
2007853 - ET EXPLOIT ImageShack Toolbar ImageShackToolbar.dll ActiveX Control
Insecure Method Vulnerability (bleeding-exploit.rules)
[///] Modified active rules: [///]
2007724 - ET TROJAN Prg Trojan HTTP POST version 2 (bleeding-virus.rules)
2007816 - ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX CLSID in
Use (bleeding.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (10):
2007724 || ET TROJAN Prg Trojan HTTP POST version 2 ||
url,ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
2007816 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX
CLSID in Use || url,isc.sans.org/diary.html?storyid=3929 ||
url,www.milw0rm.com/exploits/5049
2007850 || ET EXPLOIT Move Networks Media Player QMPUpgrade.dll ActiveX
Control Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/4979 ||
bugtraq,27438
2007851 || ET EXPLOIT Citrix Presentation Server Client WFICA.OCX
ActiveX Component Heap Buffer Overflow Exploit || cve,CVE-2006-6334 ||
bugtraq,21458 || url,www.milw0rm.com/exploits/5106
2007852 || ET EXPLOIT Gateway Weblaunch2.ocx ActiveX Control Insecure
Method Exploit || bugtraq,27193 || url,www.milw0rm.com/exploits/4982
2007853 || ET EXPLOIT ImageShack Toolbar ImageShackToolbar.dll ActiveX
Control Insecure Method Vulnerability || bugtraq,27439 ||
url,www.milw0rm.com/exploits/4981
2402000 || ET DROP Dshield Block Listed Source ||
url,feeds.dshield.org/block.txt
2403000 || ET DROP Dshield Block Listed Source - BLOCKING ||
url,feeds.dshield.org/block.txt
2404017 || ET DROP Known Bot C&C Server Traffic (group 18) ||
url,www.shadowserver.org
2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE
|| url,www.shadowserver.org
-> Added to bleeding-sid-msg.map.txt (10):
2007724 || ET TROJAN Prg Trojan HTTP POST version 2 ||
url,ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
2007816 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX
CLSID in Use || url,isc.sans.org/diary.html?storyid=3929 ||
url,www.milw0rm.com/exploits/5049
2007850 || ET EXPLOIT Move Networks Media Player QMPUpgrade.dll ActiveX
Control Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/4979 ||
bugtraq,27438
2007851 || ET EXPLOIT Citrix Presentation Server Client WFICA.OCX
ActiveX Component Heap Buffer Overflow Exploit || cve,CVE-2006-6334 ||
bugtraq,21458 || url,www.milw0rm.com/exploits/5106
2007852 || ET EXPLOIT Gateway Weblaunch2.ocx ActiveX Control Insecure
Method Exploit || bugtraq,27193 || url,www.milw0rm.com/exploits/4982
2007853 || ET EXPLOIT ImageShack Toolbar ImageShackToolbar.dll ActiveX
Control Insecure Method Vulnerability || bugtraq,27439 ||
url,www.milw0rm.com/exploits/4981
2402000 || ET DROP Dshield Block Listed Source ||
url,feeds.dshield.org/block.txt
2403000 || ET DROP Dshield Block Listed Source - BLOCKING ||
url,feeds.dshield.org/block.txt
2404017 || ET DROP Known Bot C&C Server Traffic (group 18) ||
url,www.shadowserver.org
2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE
|| url,www.shadowserver.org
[---] Removed non-rule lines: [---]
-> Removed from bleeding-sid-msg.map (2):
2007724 || ET TROJAN Prg Trojan HTTP POST version 2 || url,
ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
2007816 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX
CLSID in Use || url,isc.sans.org/diary.html?storyid=3929
-> Removed from bleeding-sid-msg.map.txt (2):
2007724 || ET TROJAN Prg Trojan HTTP POST version 2 || url,
ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
2007816 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX
CLSID in Use || url,isc.sans.org/diary.html?storyid=3929
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
