Metasploit has a working exploit for another IE issue. This is NOT the VML flaw. Whole new one.
Sig by cbyrd01:
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE EXPLOIT MSIE WebViewFolderIcon setSlice invalid memory copy"; flow: to_client,established; content:"WebViewFolderIcon"; nocase; content:".setSlice"; nocase; content:"0x7ffffff"; nocase; reference:url,riosec.com/msie-setslice-vuln; reference:url,osvdb.org/27110; classtype:attempted-user; sid:2003110; rev:1; )
This is in the current tarball. We also have a revision to the VML sig from nathan, Blake is testing it out, will be posted asap.
Thanks!
Matt
--
--------------------------------------------
Matthew Jonkman
Bleeding Snort
765-429-0398 Direct
http://www.bleedingsnort.com
--------------------------------------------
PGP: http://www.bleedingsnort.com/mattjonkman.key
_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs bleedingsnort.com
http://lists.bleedingsnort.com/mailman/listinfo/bleeding-sigs
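A way to sanity-check what the signature in the message above matches, as an added example that is not part of the original post or of the Bleeding Snort rule set. It parses only the rule's content/nocase options and ignores the header and flow; the helper names and sample payloads are constructed for illustration.

```python
import re

# The signature from the message above, joined onto one line.
RULE = (
    'alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any '
    '(msg:"BLEEDING-EDGE EXPLOIT MSIE WebViewFolderIcon setSlice invalid memory copy"; '
    'flow: to_client,established; content:"WebViewFolderIcon"; nocase; '
    'content:".setSlice"; nocase; content:"0x7ffffff"; nocase; '
    'reference:url,riosec.com/msie-setslice-vuln; reference:url,osvdb.org/27110; '
    'classtype:attempted-user; sid:2003110; rev:1; )'
)

def parse_options(rule):
    """Split the parenthesised rule body into (keyword, value) pairs."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    # Split on ';' but keep ';' that sit inside double-quoted values.
    parts = re.findall(r'(?:[^;"]|"[^"]*")+', body)
    pairs = []
    for part in parts:
        key, _, value = part.strip().partition(":")
        if key:
            pairs.append((key.strip(), value.strip()))
    return pairs

def content_matches(rule):
    """Return each content pattern with the nocase modifier that follows it."""
    contents = []
    for key, value in parse_options(rule):
        if key == "content":
            contents.append({"pattern": value.strip('"').encode(), "nocase": False})
        elif key == "nocase" and contents:
            contents[-1]["nocase"] = True
    return contents

def rule_fires(rule, payload):
    """True when every content pattern occurs in the payload, in any order."""
    for c in content_matches(rule):
        hay, needle = payload, c["pattern"]
        if c["nocase"]:
            hay, needle = hay.lower(), needle.lower()
        if needle not in hay:
            return False
    return True

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "all_three_mixed_case": b"x webviewfoldericon y .SETSLICE z 0X7FFFFFF",
    "name_only": b"A documentation page that mentions WebViewFolderIcon.",
    "reverse_order": b"0x7ffffff ... .setSlice ... WebViewFolderIcon",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, rule_fires(RULE, body))
```

Because the three content options carry no distance or within modifiers, they match independently of order, which is worth keeping in mind when tuning for false positives.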