|
|
WMF Exploit Sig: msg#00089security.ids.snort.bleedingsnort
There's a new WMF issue, likely not exploitable, but details are still emerging. #by Mr Magic Pants alert tcp any any -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT WMF POC CreateBrushIndirect DoS"; flow:established; content:"|08 00 0 0 00 FA 02 00 00 00 00 00 00 00 00 00 00 07 00 00 00 FC 02 08 00 00 00 00 00 00 80 03 00|"; reference:url,determina.blogspot. com/2007/01/whats-wrong-with-wmf.html; classtype:attempted-user; sid:2003252; rev:1;) Please give it a run and see how it goes. Matt -- -------------------------------------------- Matthew Jonkman Bleeding Edge Threats 765-429-0398 765-807-3060 fax http://www.bleedingthreats.net -------------------------------------------- PGP: http://www.bleedingthreats.com/mattjonkman.asc |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: definition: 00089, Jason Brvenik |
|---|---|
| Next by Date: | Re: definition: 00089, Mike Guiterman |
| Previous by Thread: | Symantec port 2967 sigi: 00089, Matt Jonkman |
| Next by Thread: | Adobe Sigs: 00089, Matt Jonkman |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |