[Emerging-Sigs] Signature for Microsoft Internet Explorer MSHTML Findtext Processing Issue

Matthew Jonkman jonkman at emergingthreatspro.com
Fri Oct 29 12:05:06 EDT 2010


Agreed. Unless we see the exact PoC in the wild extensively, it's not going to be a good use of cpu cycles. 

Matt



On Oct 29, 2010, at 10:19 AM, Daniel Shepherd wrote:

> My thoughts exactly...ultimately the BEST thing would be to abandon the sig as it is written.
> 
> D
> 
> On Fri, Oct 29, 2010 at 10:09 AM, evilghost at packetmail.net <evilghost at packetmail.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 10/29/10 08:06, Daniel Shepherd wrote:
> > Maybe it is better to not have the CVE and only the link to
> > exploit-db.com <http://exploit-db.com> since it catches the PoC code on
> > exploit-db and not the generalized vulnerability that would be
> > referenced by the CVE.
> 
> My thoughts -- I don't want signatures to catch PoC, I want to catch the
> vulnerability.  If I wanted protection from PoC I'd only use VRT.
> 
> - -evilghost
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> 
> iQIcBAEBAgAGBQJMytV+AAoJENgimYXu6xOHYmsP/1xmcWj2gLo4sAJdHBzUylOe
> aFQX8v4EP+6g7U3BGLVkUIpONESNmo9OI8FJUvSHUYYhug5hCy5sKSTTXEj3+wOc
> GVKDHkKNq74YE4mqj8b781EUMhpqs+kYCqqjCozMJV0olDjoDaofAjNuqff3dYTL
> AYD9CPxJRl9H3YXFT0zB1w3KdgU5DBebQ7MsItE94g+BZr0rxDuohynr6ZtZu+ij
> Tp9YrXpGdGkJROG+D4ruA6qrJAtnGnmHPIqUSAU16hu2tcHe2/USZ2pepZMeEf9/
> TJQjUQX52lEksSaFFgzVDeGIz7RWVnmYVhcmaX0uqHUFOKKxsEeTjn6dg/BNtenF
> 0ulOCqBXZBXVxamWHxjYNmmUMqpaSquqH38GV4YEmiX95NVB95UMZuzoxfmu4QMK
> +Z2bReU4U92kPFnwJkwFjblaDWHoHLa7SLQpHnDE/9B993RzjupcQ0H4rl84v781
> nwS3BFPiquOUMCedIOHgdiCsYgX6LnR72TOuRfPiqKEKbW6QmK2H+pIhU4HkLCYi
> VQm5Nb2o2bbHrlxXYf92Tlqp0d6I6cprChaFckYCbXotrFdA3nYgNd9ux/lFZTTG
> xhYApPTjd0yLJFZDFUykh59W6fOcWCUt9RLJyjN8iaDxydewCQfjGsFQtZ0GBOFY
> dECXzh9VD+wT9tqXfroL
> =2DNk
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards
> http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html
> 
> 
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards
> http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20101029/52590198/attachment.html


More information about the Emerging-sigs mailing list