Re: Incorrect SID Information

[beenph <beenph () gmail com>]

On Wed, Dec 5, 2012 at 5:48 PM, Turnbough, Bradley E. <bturnbough () belcan com>
wrote:
> Service Pack 4 on Windows 2000 Service Pack 4 — Download the update
> Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows
2000 Service Pack 4 — Download the update
> Microsoft Internet Explorer 6 for Windows XP Service Pac
The rule information it self seem's acurate in the rule it self..

binf@SINGULAR:~/SNORT/etc/rules$ grep -r "11257" *.rules
browser-ie.rules:# alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET
any (msg:"BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized
memory exploit attempt"; flow:to_client,established; file_data;
content:"<colgroup"; fast_pattern:only;
pcre:"/<colgroup\s+[^>]*id\s*=\s*(?P<q1>\x22|\x27|)(?P<q2>\w+)(?P=q1)[^>]*>.*\s+(?P=q2)(\.delete)|(\.test)/smi";
metadata:policy security-ips drop, service http, service imap, service
pop3; reference:bugtraq,23771; reference:cve,2007-0944; reference:url,
technet.microsoft.com/en-us/security/bulletin/ms07-027;
classtype:attempted-user; sid:11257; rev:7;)

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!