Snort mailing list archives
[SID 26168, 26169] Invalid rule information
From: "jungun.baek" <jungun.baek () axgate com>
Date: Tue, 29 Aug 2017 10:08:24 +0900
Dear Snort-Team, I had discovered something wrong when i evaluated exploits which was registered exploit-db.com. The rule SID 26168 and 26169(revision 3) was described to detect CVE-2013-0090(Microsoft Internet Explorer CHTMLEditor use after free attempt), but CVE-2013-0090 does not seem a vulnerability against Internet Explorer CHTMLEditor. The rules also failed to detect PoC for CVE-2013-0090(https://www.exploit-db.com/exploits/40935/ <https://www.exploit-db.com/exploits/40935/>). According to MS13-021 advisory, CVE-2013-0090 is a vulnerability against Internet Explorer CCaret. Could you please check once again the rules ? ps. I guess that the rules targeted CVE-2013-3917(https://tools.cisco.com/security/center/viewAlert.x?alertId=31633 <https://tools.cisco.com/security/center/viewAlert.x?alertId=31633>) Best regards, Eric Baek
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- [SID 26168, 26169] Invalid rule information jungun.baek (Aug 28)