Snort mailing list archives
SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
From: Charlie Dyer <charlierwdyer () gmail com>
Date: Fri, 20 Jan 2017 17:07:48 +0000
Hi list The number of false positives these two rules produce is huge! Has anyone else seen the same or amended the rule to be a bit more specific to the exploit,i.e. user agent is Acrobat Reader or something so it's a bit more specific. Any thoughts gratefully received Charlie
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt Charlie Dyer (Jan 20)