3689.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid:
3689

--
Summary:
This event is generated when an attempt is made to exploit a buffer overflow
associated with the processing of a Portable Network Graphics (PNG) file by
Internet Explorer.

--
Impact:
A successful attack may cause a buffer overflow and the subsequent execution
of arbitrary code on a vulnerable client host.

--
Detailed Information:
A vulnerability exists in the way Internet Explorer handles the
transparency chunk of a PNG file, enabling a buffer overflow and the
subsequent execution of arbitrary code on a vulnerable client.  A PNG
datastream consists of a PNG marker followed by a sequence of chunks
that have a specific format and function.

WARNING
Setting flow_depth 0 will cause performance problems in some situations.
WARNING

--
Affected Systems:
	Internet Explorer 6 SP1 and prior
	Internet Explorer 5.5 SP2 and prior

--
Attack Scenarios:
An attacker can create a malformed PNG file on a web server, entice a user
to download it, possibly causing a buffer overflow on a vulnerable client.

--
Ease of Attack:
Simple. Exploit code exists.

--
False Positives:
None Known

--
False Negatives:
None Known

--
Corrective Action:
Upgrade to the latest non-affected version of the software.

--
Contributors:
Sourcefire Vulnerability Research Team
Judy Novak <judy.novak@sourcefire.com>
Brian Caswell <bmc@sourcefire.com>

--
Additional References


--