File: 100000100.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (71 lines) | stat: -rw-r--r-- 1,278 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
Rule: 

--
Sid: 
100000100

-- 
Summary: 
This event is generated when a URI of 1,050 bytes ore more is requested from an 
internal web server.

-- 

Impact: 
Unknown.

--
Detailed Information:
This rule is used in conjunction with SID 100000101 to detect buffer overflow 
attacks against the Adobe Acrobat/Acrobat Reader ActiveX Control, pdf.ocx. This 
rule should never generate an alert.

--
Affected Systems:
Adobe Acrobat 5.0
Adobe Acrobat 5.0.5
Adobe Acrobat 6.0
Adobe Acrobat 6.0.1
Adobe Acrobat Reader 5.0
Adobe Acrobat Reader 5.0.5
Adobe Acrobat Reader 5.1
Adobe Acrobat Reader 6.0
Adobe Acrobat Reader 6.0.1

--

Attack Scenarios: 
A web browser or automated script may be used to exploit this vulnerability.

-- 

Ease of Attack: 
Simple, as simply typing a long URI into a web browser will suffice.

-- 

False Positives:
None Known.

--
False Negatives:
None Known.

-- 

Corrective Action: 
Upgrade to Adobe Acrobat/Acrobat Reader 6.0.2.
An alternate workaround is available: disable "Display PDF in browser" under 
Edit -> Preferences.

--
Contributors: 
Sourcefire Research Team
Judy Novak <judy.novak@sourcefire.com>
Alex Kirk <alex.kirk@sourcefire.com>

-- 
Additional References:
http://www.adobe.com/support/downloads/thankyou.jsp?ftpID=2589&fileID=2433

--