Snort mailing list archives

SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt

From: Charlie Dyer <charlierwdyer () gmail com>
Date: Fri, 20 Jan 2017 17:07:48 +0000

Hi list

The number of false positives these two rules produce is huge!
Has anyone else seen the same or amended the rule to be a bit more specific
to the exploit,i.e. user agent is Acrobat Reader or something so it's a bit
more specific.

Any thoughts gratefully received

Charlie

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

Current thread:

SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt Charlie Dyer (Jan 20)
- Re: SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt Nick Randolph (Jan 20)
- Re: SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt Al Lewis (allewi) (Jan 20)
  - Re: SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt Charlie Dyer (Jan 20)
    - Re: SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt Nick Randolph (Jan 23)