9637.txt

This is the snapshot of Snot Latest Rules

Rule

--
Sid
9637

--
Summary:
This event is generated when an attempt is made to exploit a known vulnerability in Adobe Download Manger.

--
Impact:
Serious. Execution of code is possible.

--
Detailed Information:
Adobe has a download application called the Download Manager. It is called by files with an AOM extension.  When called, the Download Manager creates dm.ini files to manage the download.  Within this file is a field to store the URL used to fetch the application.  During processing, the URL is copied into a fixed-size stack buffer of 0x108 (264) bytes.  If the URL specified in the AOM file is greater than 264 bytes, an overflow condition will occur on the stack.

--
Affected Systems:
Adobe Download Manger 2.1

--
Attack Scenarios:
An attacker needs to supply excess data in a transaction using the application. The attacker may then include code of their choosing to be executed on the host.

--
Ease of Attack:
Simple.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Apply the appropriate vendor supplied patches.

Upgrade to the latest non-affected version of the software.

--
Contributors:
Sourcefire Vulnerability Research Team
Matthew Olney <matthew.olney@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:


--