2436.txt

来自「This is the snapshot of Snot Latest Rule」· 文本 代码 · 共 79 行

TXT
79
字号 
Rule:  --Sid:2436--Summary:This event is generated when an attempt is made to access a file typethat may be subject to a known vulnerability in Microsoft Windows Explorer.--Impact:Denial of Service (DoS) possible execution of arbitrary code.--Detailed Information:When processing Windows Extended Metafile Format (.emf) files, WindowsExplorer sets a buffer size based on information in the header for thefile. If a malformed header is sent, it may be possible for an attackerto cause a DoS condition to occur. It may also be possible for anattacker to execute code of their choosing on a vulnerable host.WARNINGIn order to avoid potential evasion techniques, http_inspect should be configured with "flow_depth 0" so that all HTTP server response traffic is inspected.Setting flow_depth 0 will cause performance problems in some situations.WARNINGThis issue may also affect Microsoft Windows Metafile Format (.wmf)files also.--Affected Systems:	Microsoft Windows XP Home, Professional and Media Center Edition	Microsoft Windows XP Home and Professional SP-1--Attack Scenarios:An attacker might supply a specially crafted request for such a filethat might cause the error condiion to occur.--Ease of Attack:Moderate/Difficult--False Positives:None known.--False Negatives:None known.--Corrective Action:Apply the appropriate vendor supplied patches--Contributors:Sourcefire Vulnerability Research TeamBrian Caswell <bmc@sourcefire.com>Nigel Houghton <nigel.houghton@sourcefire.com>-- Additional References:Microsoft:http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32/Gaobothttp://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32/Sasserhttp://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32/Korgohttp://www.microsoft.com/security/encyclopedia/details.aspx?name=win32/rbothttp://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32/Sdbothttp://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32/Mytobhttp://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32/Spybothttp://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32/Wootbot--

2436.txt - 源码说明

本页面展示了「This is the snapshot of Snot Latest Rules」中的 2436.txt 源码文件,采用 文本 编程语言编写,共 79 行代码。您可以在线阅读完整代码内容,也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫开发者社区收录了大量与snapshot相关的技术资源,包括源代码、技术文档、电路图等,是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?