Re: SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt

[Nick Randolph <drandolph () sourcefire com>]

Yes, we are working on it now.

On Fri, Jan 20, 2017 at 12:07 PM, Charlie Dyer <charlierwdyer () gmail com>
wrote:

> Hi list
>
> The number of false positives these two rules produce is huge!
> Has anyone else seen the same or amended the rule to be a bit more
> specific to the exploit,i.e. user agent is Acrobat Reader or something so
> it's a bit more specific.
>
> Any thoughts gratefully received
>
> Charlie
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
> http://www.snort.org
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure
> to stay up to date to catch the most <a href="
> https://snort.org/downloads/#rule-downloads";>emerging threats</a>!



-- 

Nick Randolph
Research Engineer
Sourcefire, Inc.
nrandolph () sourcefire com
Sourcefire.com <http://www.sourcefire.com/>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!