FILE-IDENTIFY -- Snort has detecte File Type indicators associated with packet data, which it will use to facilitate a flowbit, a method of stringing rules together. In a flowbit, one rule examines packets for file type indications, which it uses to switch rules pertaining to that file type from a dormant to active state in order to process the appropriate packets. File-type rules stay dormant to prevent alerts on innocent traffic. That same traffic, when contained in, for instance, a .doc file attached to an email, might be a threat and should be scanned.
FILE-IDENTIFY Microsoft Media Player .asf file magic detected
This event is generated when an attempt is made to exploit a known vulnerability in windows media format runtime. Impact: Denial of Service. Information disclosure. Loss of integrity. Complete admin access. Details: Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. Ease of Attack: Simple. Exploits exist.
No information provided
No public information
No known false positives
Cisco Talos This document was generated from data supplied by the National Vulnerability Database. A product of the National Institute of Standards and Technology. For more information see http://nvd.nist.gov/
No rule groups
None
No information provided
None