FILE-IDENTIFY -- Snort has detecte File Type indicators associated with packet data, which it will use to facilitate a flowbit, a method of stringing rules together. In a flowbit, one rule examines packets for file type indications, which it uses to switch rules pertaining to that file type from a dormant to active state in order to process the appropriate packets. File-type rules stay dormant to prevent alerts on innocent traffic. That same traffic, when contained in, for instance, a .doc file attached to an email, might be a threat and should be scanned.
FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected
This event is generated when an attempt is made to exploit a known vulnerability in Media Services. Impact: Denial of Service. Information disclosure. Loss of integrity. Details: Unspecified vulnerability in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. Ease of Attack: Simple.
No information provided
No public information
No known false positives
Cisco Talos This document was generated from data supplied by the National Vulnerability Database. A product of the National Institute of Standards and Technology. For more information see http://nvd.nist.gov/
No rule groups
None
No information provided
None