VRT Rules 2008-08-12

Sourcefire VRT Rules Update

Date: 2008-08-12

Synopsis:

The Sourcefire VRT is aware of multiple vulnerabilities affecting Microsoft products.

Details:

Microsoft Security Advisory MS08-041:
The Microsoft Access Snapshot Viewer ActiveX control contains a vulnerability that may allow a remote attacker to execute code on an affected system.

Previously released rules will detect attacks targeting this vulnerability and are identified with GID 1, SIDs 7981 and 7982 and GID 3, SIDs 13903 through 13910.

Microsoft Security Advisory MS08-043:
Microsoft Excel contains programming errors that may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 13972 and 13973.

Microsoft Security Advisory MS08-044:
Microsoft Office Filters contain programming errors that may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 13946, 13947, 13958, 13970 and 13979.

Microsoft Security Advisory MS08-045:
Microsoft Internet Explorer contains multiple vulnerabilities that may allow an attacker to execute code on an affected system.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 13960, 13961, 13963, 13964, 13974 and 13980.

Microsoft Security Advisory MS08-046:
The Microsoft Windows Image Color Management System contains a programming error that may allow a remote attacker to execute code on an affected system via a malformed image file.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 13954.

Microsoft Security Advisory MS08-048:
Microsoft Outlook Express and Windows Mail contain a programming error that may result in information disclosure while viewing HTML files.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 13962.

Microsoft Security Advisory MS08-049:
The Microsoft Windows Event System contains multiple vulnerabilities that may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 13975 through 13979.

Microsoft Security Advisory MS08-050:
Microsoft Windows Messenger contains a programming error that may result in information disclosure via the scripting of an ActiveX control.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 3, SIDs 13965 through 13968.

Microsoft Security Advisory MS08-051:
Microsoft PowerPoint and Microsoft Office PowerPoint Viewer contain programming errors that may allow a remote attacker to execute code on an affected system via a malformed PowerPoint file.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 13969 and 13971.

Rule Pack Summary:

For a complete list of new and modified rules, click here.

Warning:

Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.

About the VRT:

The Sourcefire VRT is a group of leading-edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.