Snort Search


1-2435 - Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image. Impact: CVSS base score 7.6 CVSS impact score 10.0 CVSS exploitability score 4.9 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE Details: Ease of Attack:

Rule

1-48175 - This event is generated when client system tries to download GhostPuppet malicious document Impact: A Network Trojan was detected Details: Malicious HWP IOCs: Ease of Attack:

Rule

1-48176 - This event is generated when client system tries to download GhostPuppet malicious document Impact: A Network Trojan was detected Details: Malicious HWP IOCs: Ease of Attack:

Rule

Talos Rules 2019-07-09 - Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Advisory

1-21763 - Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors related to memory corruption. Impact: CVSS base score 10.0 CVSS impact score 10.0 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE Details: Ease of Attack:

Rule