Snort mailing list archives

Rule 37111


From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 18 Dec 2015 09:47:03 -0700

This is a noisy one this AM:

alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any 
(msg:"FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read 
attempt"; flow:to_client,established; flowbits:isset,file.swf; 
file_data; content:"RegExp"; fast_pattern:only; content:"<"; 
content:!">"; within:20; metadata:policy balanced-ips drop, policy 
security-ips drop, service ftp-data, service http, service imap, service 
pop3; reference:bugtraq,78710; reference:cve,2015-8418; 
reference:url,helpx.adobe.com/security/products/flash-player/apsb15-32.html; 
classtype:attempted-user; sid:37111; rev:1;)

http://pagead2.googlesyndication[.]com/osd/hbe.swf?id=0~2

James
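
An added illustration, not part of the original post or of the Snort ruleset: a simplified Python model of the rule's three content options, run over constructed buffers to show what the options as written require. It assumes `buf` stands in for the `file_data` buffer of a file already tagged by `flowbits:isset,file.swf`; the flow, flowbits and port checks are not modelled, and the function and sample names are hypothetical.

```python
# Added example: simplified model of the content options in sid:37111.
# Assumptions: `buf` stands in for the file_data buffer of a file already
# tagged by flowbits file.swf; flow/flowbits/port checks are not modelled.

WINDOW = 20  # from within:20 on the negated content


def qualifying_offsets(buf: bytes, window: int = WINDOW) -> list:
    """Offsets of every "<" that has no ">" in the following `window` bytes."""
    hits = []
    pos = buf.find(b"<")
    while pos != -1:
        # content:!">"; within:20; is relative to the end of the "<" match.
        if b">" not in buf[pos + 1 : pos + 1 + window]:
            hits.append(pos)
        pos = buf.find(b"<", pos + 1)
    return hits


def rule_matches(buf: bytes) -> bool:
    """True when all three content options would be satisfied."""
    # content:"RegExp"; fast_pattern:only;  -> string anywhere in the buffer
    # content:"<"; content:!">"; within:20; -> one qualifying "<" is enough,
    # because a later "<" is tried when the negated check fails on an earlier one.
    return b"RegExp" in buf and bool(qualifying_offsets(buf))


# Constructed sample buffers (not taken from any real SWF).
SAMPLES = {
    "comparison operator": b"new RegExp('a+'); if (i < count) { i++; }",
    "closed tags only": b"RegExp <b>bold</b>",
    "raw 0x3c byte": b"\x10\x3c\x00\x00RegExp\x00",
    "no RegExp string": b"if (i < count) { i++; }",
}

if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        print(f"{name:20} match={rule_matches(buf)} "
              f"offsets={qualifying_offsets(buf)}")
```

In this model the "<" and "RegExp" strings do not have to be near each other, so any single 0x3c byte without a 0x3e in the next 20 bytes satisfies the rule once "RegExp" appears anywhere in the buffer.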
