[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Mon Jun 28 15:17:54 EDT 2010


[***] Results from Oinkmaster started Mon Jun 28 15:17:54 2010 [***]

[///]     Modified active rules:     [///]

 2010482 - ET WEB_CLIENT IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt (emerging-web_client.rules)
 2010483 - ET WEB_CLIENT IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt (emerging-web_client.rules)
 2010799 - ET CURRENT_EVENTS Possible Internet Explorer srcElement Memory Corruption Attempt (emerging-current_events.rules)
 2010931 - ET CURRENT_EVENTS Possible Microsoft Internet Explorer iepeers.dll Use-after-free Arbitrary Remote Code Execution Attempt (emerging-current_events.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-current_events.rules (2):
        # Modified to avoid the short content matches as these should be accurate enough. Revision number has been incremented and msg slightly modified and a few more references added (BID, Cisco & Microsoft)
        # Additional references and slight modification to msg

     -> Added to emerging-sid-msg.map (4):
        2010482 || ET WEB_CLIENT IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_IBM || url,doc.emergingthreats.net/2010482 || cve,2009-0215 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17871 || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010483 || ET WEB_CLIENT IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_IBM || url,doc.emergingthreats.net/2010483 || cve,2009-0215 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17871 || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010799 || ET CURRENT_EVENTS Possible Internet Explorer srcElement Memory Corruption Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_MSIE || url,doc.emergingthreats.net/2010799 || cve,2010-0249 || url,www.kb.cert.org/vuls/id/492515 || url,tools.cisco.com/security/center/viewAlert.x?alertId=19726 || url,www.microsoft.com/technet/security/bulletin/ms10-002.mspx
        2010931 || ET CURRENT_EVENTS Possible Microsoft Internet Explorer iepeers.dll Use-after-free Arbitrary Remote Code Execution Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_MSIE || url,doc.emergingthreats.net/2010931 || cve,2010-0806 || url,www.kb.cert.org/vuls/id/744549 || url,www.microsoft.com/technet/security/bulletin/ms10-018.mspx || url,tools.cisco.com/security/center/viewAlert.x?alertId=20052 || url,www.rec-sec.com/2010/03/10/internet-explorer-iepeers-use-after-free-exploit/

     -> Added to emerging-sid-msg.map.txt (4):
        2010482 || ET WEB_CLIENT IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_IBM || url,doc.emergingthreats.net/2010482 || cve,2009-0215 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17871 || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010483 || ET WEB_CLIENT IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_IBM || url,doc.emergingthreats.net/2010483 || cve,2009-0215 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17871 || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010799 || ET CURRENT_EVENTS Possible Internet Explorer srcElement Memory Corruption Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_MSIE || url,doc.emergingthreats.net/2010799 || cve,2010-0249 || url,www.kb.cert.org/vuls/id/492515 || url,tools.cisco.com/security/center/viewAlert.x?alertId=19726 || url,www.microsoft.com/technet/security/bulletin/ms10-002.mspx
        2010931 || ET CURRENT_EVENTS Possible Microsoft Internet Explorer iepeers.dll Use-after-free Arbitrary Remote Code Execution Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_MSIE || url,doc.emergingthreats.net/2010931 || cve,2010-0806 || url,www.kb.cert.org/vuls/id/744549 || url,www.microsoft.com/technet/security/bulletin/ms10-018.mspx || url,tools.cisco.com/security/center/viewAlert.x?alertId=20052 || url,www.rec-sec.com/2010/03/10/internet-explorer-iepeers-use-after-free-exploit/

     -> Added to emerging-web_client.rules (1):
        # Updated references and revision numbers for Cisco, CVE and BID and changed message to something more informative

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (4):
        2010482 || ET WEB_CLIENT IBM Access Support ActiveX Stack Overflow Function call Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_IBM || url,doc.emergingthreats.net/2010482 || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010483 || ET WEB_CLIENT IBM Access Support ActiveX stack Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_IBM || url,doc.emergingthreats.net/2010483 || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010799 || ET CURRENT_EVENTS Internet Explorer CVE-2010-0249 srcElement Remote Code Execution Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_MSIE || url,doc.emergingthreats.net/2010799 || cve,2010-0249
        2010931 || ET CURRENT_EVENTS Possible Microsoft Internet Explorer iepeers.dll Remote Code Execution Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_MSIE || url,doc.emergingthreats.net/2010931 || cve,2010-0806 || url,www.rec-sec.com/2010/03/10/internet-explorer-iepeers-use-after-free-exploit/

     -> Removed from emerging-sid-msg.map.txt (4):
        2010482 || ET WEB_CLIENT IBM Access Support ActiveX Stack Overflow Function call Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_IBM || url,doc.emergingthreats.net/2010482 || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010483 || ET WEB_CLIENT IBM Access Support ActiveX stack Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_IBM || url,doc.emergingthreats.net/2010483 || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010799 || ET CURRENT_EVENTS Internet Explorer CVE-2010-0249 srcElement Remote Code Execution Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_MSIE || url,doc.emergingthreats.net/2010799 || cve,2010-0249
        2010931 || ET CURRENT_EVENTS Possible Microsoft Internet Explorer iepeers.dll Remote Code Execution Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_MSIE || url,doc.emergingthreats.net/2010931 || cve,2010-0806 || url,www.rec-sec.com/2010/03/10/internet-explorer-iepeers-use-after-free-exploit/



More information about the Emerging-updates mailing list