[Emerging-updates] Daily Ruleset Update Summary 12/11/2012 (MS Tuesday Coverage)

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Dec 11 16:17:13 HAST 2012


 [***]          Summary:          [***]

 2 new Open 24 new Pro (2/22). MS Tuesday one dupe disabled, a couple tuned
for FP's.

 2016016 - 2016017 CURRENT_EVENT sig for DNS Amplification attack currently
taking place.
 2805782 - 2805800 MS Tuesday Coverage
http://www.emergingthreats.net/2012/12/11/december-2012-microsoft-tuesday-coverage/
 2805835 Quicktime 7.7.2 Buffer Overflow
 2805836 - 2805837 Ponmocup

 [+++]          Added rules:          [+++]

  Open:
  2016016 - ET CURRENT_EVENTS DNS Amplification Attack Inbound
(current_events.rules)
  2016017 - ET CURRENT_EVENTS DNS Amplification Attack Outbound
(current_events.rules)

  Pro:
  2805782 - ETPRO WEB_CLIENT Microsoft Internet Explorer style object Use
After Free (web_client.rules)
  2805783 - ETPRO WEB_CLIENT Win32k TrueType Font Parsing Vulnerability
SearchRange (web_client.rules)
  2805784 - ETPRO WEB_CLIENT Win32k TrueType Font Parsing Vulnerability
EntrySelector (web_client.rules)
  2805785 - ETPRO WEB_CLIENT Win32k TrueType Font Parsing Vulnerability
RangeShift (web_client.rules)
  2805786 - ETPRO WEB_CLIENT Microsoft Rich Text File .RTF File download
with invalid listoverridecount (web_client.rules)
  2805787 - ETPRO WEB_CLIENT Microsoft WORD .DOC File download
CLSID_DirectPlay8Peer (web_client.rules)
  2805788 - ETPRO WEB_CLIENT Microsoft WORD .DOC File download
CLSID_DirectPlay8LobbyClient (web_client.rules)
  2805789 - ETPRO WEB_CLIENT Microsoft WORD .DOC File download
CLSID_DirectPlay8LobbiedApplication (web_client.rules)
  2805790 - ETPRO WEB_CLIENT Microsoft WORD .DOC File download
CLSID_DP8SP_MODEM (web_client.rules)
  2805791 - ETPRO WEB_CLIENT Microsoft WORD .DOC File download
CLSID_DP8SP_SERIAL (web_client.rules)
  2805792 - ETPRO WEB_CLIENT Microsoft WORD .DOC File download
CLSID_DirectPlay8Client (web_client.rules)
  2805793 - ETPRO WEB_CLIENT Microsoft WORD .DOC File download
CLSID_DirectPlay8Address (web_client.rules)
  2805794 - ETPRO WEB_CLIENT Microsoft Rich Text File .RTF File download
CLSID_DirectPlay8Peer (web_client.rules)
  2805795 - ETPRO WEB_CLIENT Microsoft Rich Text File .RTF File download
CLSID_DirectPlay8LobbyClient (web_client.rules)
  2805796 - ETPRO WEB_CLIENT Microsoft Rich Text File .RTF File download
CLSID_DirectPlay8LobbiedApplication (web_client.rules)
  2805797 - ETPRO WEB_CLIENT Microsoft Rich Text File .RTF File download
CLSID_DP8SP_MODEM (web_client.rules)
  2805798 - ETPRO WEB_CLIENT Microsoft Rich Text File .RTF File download
CLSID_DP8SP_SERIAL (web_client.rules)
  2805799 - ETPRO WEB_CLIENT Microsoft Rich Text File .RTF File download
CLSID_DirectPlay8Client (web_client.rules)
  2805800 - ETPRO WEB_CLIENT Microsoft Rich Text File .RTF File download
CLSID_DirectPlay8Address (web_client.rules)
  2805835 - ETPRO WEB_CLIENT Apple QuickTime 7.7.2 TeXML Style Element
font-table Field Stack Buffer Overflow (web_client.rules)
  2805836 - ETPRO TROJAN ponmocup Checkin 1 (trojan.rules)
  2805837 - ETPRO TROJAN ponmocup Checkin 2 (trojan.rules)


 [///]     Modified active rules:     [///]

  2016001 - ET CURRENT_EVENTS PDF /XFA and PDF-1.[0-4] Spec Violation (seen
in pamdql and other EKs) (current_events.rules)
  2803963 - ETPRO TROJAN Worm.Win32.Socks.s Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2015649 - ET CURRENT_EVENTS Fake AV base64 affid initial Landing or owned
Check-In, asset owned if /callback/ in URI (current_events.rules)