A small set of new rules in today's release and a couple of modifications. Here are the highlights:
Adobe Flash Player Buffer Overflow (CVE-2009-0520):
Adobe Flash Player contains a programming error that may allow a remote attacker to execute code on a vulnerable system via a specially crafted flash file.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 15478.
Oracle BEA WebLogic Buffer Overflow (CVE-2008-5457):
Oracle BEA WebLogic contains a programming error that may allow a remote attacker to execute code on a vulnerable system.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 15477.
A previously released rule identified with GID 1, SID 15263 will also detect attacks targeting this vulnerability.
RealNetworks Helix Server Buffer Overflow (CVE-2008-5911):
RealNetworks Helix Server contains a programming error that may allow a remote attacker to execute code on a vulnerable system. The error occurs when the application fails to properly process RTSP header information.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 15479.
The advisory is available here.
Tuesday, April 21, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.