Tuesday, May 5, 2009

Rule release for today - May 5th 2009

Adobe Reader Code Execution (CVE-2009-1492):
The JavaScript API in Adobe Reader may allow a remote attacker to execute code on an affected system. The problem occurs when specially crafted JavaScript uses the getAnnots method in a PDF document.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 15493.

Adobe Reader Buffer Overflow (CVE-2009-1493):
The JavaScript API in Adobe Reader may allow a remote attacker to execute code on an affected system. The problem occurs when specially crafted JavaScript uses the customDictionaryOpen method in a PDF document.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 15492.

Additionally as a result of ongoing research, the Sourcefire VRT has added multiple rules to the exploit, specific-threats, backdoor, multimedia and chat rule sets to provide coverage for emerging threats from these technologies.

Details available here

No comments:

Post a Comment