Sourcefire Vulnerability Research Team Labs

VRT Certified Rule Information for Microsoft Security Advisories

As part of the Microsoft Active Protections Program (MAPP), the Sourcefire VRT has released detection content to help protect customers from attacks targeting the vulnerabilities for the following Microsoft Security Advisories:

Microsoft Advisory: Applicable Rules:
Vulnerability in Internet Explorer Could Allow Remote Code Execution
This is a remote code execution vulnerability in Internet Explorer 8. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
For more details, including work-arounds, see the Microsoft advisory linked to the left.
GID 1, SIDs 26569 through 26572 have been released to detect attacks targeting this vulnerability. Sourcefire customers can download the protection from the Sourcefire Customer Support Site; VRT Certified Rule subscribers can download the protection from snort.org.
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Microsoft Internet Explorer 6, 7 and 8 contain a programming error that is manifested when Internet Explorer attempts to access an object in memory that has been deleted or improperly allocated. Successful exploitation of this vulnerability may allow a remote attacker to execute code on a vulnerable system.
For more details, including work-arounds, see the Microsoft advisory linked to the left.
GID 1, SIDs 25125 through 25134 have been released to detect attacks targeting this vulnerability. Sourcefire customers can download the protection from the Sourcefire Customer Support Site; VRT Certified Rule subscribers can download the protection from snort.org.
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Microsoft XML Core Services (MSXML) contains a programming error that is manifested when MSXML attempts to access an object in memory that has not been initialized. Successful exploitation of this vulnerability may allow a remote attacker to execute code on a vulnerable system.
For more details, including work-arounds, see the Microsoft advisory linked to the left.
GID 1, SIDs 23142 through 23146 have been released to detect attacks targeting this vulnerability. Sourcefire customers can download the protection from the Sourcefire Customer Support Site; VRT Certified Rule subscribers can download the protection from snort.org.
Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege (2639658)
Applicable rule: WEB-CLIENT Microsoft TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (3:20539)
The Microsoft Windows TrueType font parsing engine contains a vulnerability that may allow a remote attacker to execute code on an affected system. Successful exploitation of this vulnerability may allow the attacker to execute code in kernel mode. This vulnerability is also related to the Duqu malware.
For more details, including work-arounds, see the Microsoft advisory linked to the left.
GID 3, SID 20539 has been released to detect attacks targeting this vulnerability. Sourcefire customers can download the protection from the Sourcefire Customer Support Site; VRT Certified Rule subscribers can download the protection from snort.org.

Microsoft Advisory to Rule mapping archive

View the archive

About the Sourcefire Vulnerability Research Team

The Sourcefire Vulnerability Research Team (VRT) is a group of leading-edge intrusion detection and prevention experts working to discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.

All materials contained on this site © Sourcefire VRT