GDI exploit signatures

["Baker, Craig" <Craig.Baker () IFLYATA COM>]

There has been limited feedback/discussion on the GDI vulnerability/exploits
and associated signatures. The signatures provided by the ISC handlers
register many alerts, but the ones I've investigated appear to be false
positives. I just wondered if anyone has had any success with other GDI
detection rules or what the consensus seems to be of the amount of exploits
in the wild. The following link has some exploit code listed on the site,
but I'm not sure if this has been widely distributed or not. Any feedback is
appreciated. This will be a major problem and I hope to be prepared with
some early detection prior to the all-out-assault that might be imminent.

The exploit code appears at:

http://vdb.dragonsoft.com.tw/exploit/msJPEGParsingVulnHighT1mes.c

Regards,

CB


-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users