|
Vulnerabilities affecting hosts using Microsoft Windows Active Directory and Microsoft Excel |
|
|
Written by snort.org
|
|
Friday, 13 July 2007 |
VRT Certified Rules Update 2007-07-12
The Sourcefire VRT is aware of vulnerabilities affecting hosts using Microsoft Windows Active Directory and Microsoft Excel.
Details:
Microsoft Security Bulletin MS07-039:
A heap overflow vulnerability exists in the way Microsoft Windows Active Directory handles LDAP messages. The vulnerability is due to a lack of convertible attributes validation in client LDAP request messages. Remote unauthenticated attackers can exploit this vulnerability to inject and execute arbitrary code on the affected target with System level privileges.
A rule to detect attacks targeting this vulnerability is included in this release and is identified as SID 12069.
Microsoft Security Bulletin MS07-036:
A memory corruption vulnerability exists in the way Microsoft Excel
processes files. The vulnerability is a result of insufficient data
validation while processing the Version field in a BOF record. A remote
attacker can exploit this vulnerability by enticing the target user to
open a crafted Excel file, potentially causing arbitrary code to be
injected and executed in the security context of the current user.
A rule to detect attacks targeting this vulnerability is included in this release and is identified as SID 12070.
Advisory:
A detailed advisory as well as a complete list of modified and deleted rules is available at:
http://www.snort.org/vrt/advisories/vrt-rules-2007-07-12.html
Download Rules:
These rules will be available to subscribers only until Saturday, August 11, 2007. Subscribers can download the rules at:
http://www.snort.org/pub-bin/downloads.cgi |
Index 
