FILE-IMAGE -- Snort detected suspicious traffic targeting vulnerabilities found inside images files, regardless of delivery method, targeted software, or image type. (Examples include: jpg, png, gif, bmp). These rules search for malformed images used to exploit system. Attackers alter image attributes, often to include shell code, so they are susceptible to vulnerabilities when they are parsed and send commands instead of loading the image.
FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
This rule detects a crafted JPEG image file with malformed APP1 segment which causes an out of bounds memory access leading to access violation exception, or code corruption, control-flow hijack, or information leak attack.
This rule detects a crafted JPEG image file with malformed APP1 segment which causes an out of bounds memory access leading to access violation exception, or code corruption, control-flow hijack, or information leak attack.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
Memory Corruption
Memory Corruption is any vulnerability that allows the modification of the content of memory locations in a way not intended by the developer. Memory corruption results are inconsistent; they could lead to fatal errors and system crashes or data leakage; some have no effect at all.
CVE-2017-2960 |
Loading description
|
Tactic: Execution
Technique: Exploitation for Client Execution
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org