Snort mailing list archives

[SID 26168, 26169] Invalid rule information

From: "jungun.baek" <jungun.baek () axgate com>
Date: Tue, 29 Aug 2017 10:08:24 +0900

Dear Snort-Team,

I had discovered something wrong when i evaluated exploits which was registered exploit-db.com.

The rule SID 26168 and 26169(revision 3) was described to detect CVE-2013-0090(Microsoft Internet Explorer CHTMLEditor 
use after free attempt), but CVE-2013-0090 does not seem a vulnerability against Internet Explorer CHTMLEditor.
The rules also failed to detect PoC for CVE-2013-0090(https://www.exploit-db.com/exploits/40935/ 
<https://www.exploit-db.com/exploits/40935/>).

According to MS13-021 advisory, CVE-2013-0090 is a vulnerability against Internet Explorer CCaret.

Could you please check once again the rules ?

ps. I guess that the rules targeted CVE-2013-3917(https://tools.cisco.com/security/center/viewAlert.x?alertId=31633 
<https://tools.cisco.com/security/center/viewAlert.x?alertId=31633>)

Best regards,
Eric Baek

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

Current thread:

[SID 26168, 26169] Invalid rule information jungun.baek (Aug 28)