todays AUSCERT alert, filename.rules.conf tweak

Julian Field MailScanner at ecs.soton.ac.uk
Tue Jan 4 15:11:39 GMT 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

They will be in the next release.

Jeff A. Earickson wrote:

> Gang,
>
> See the AUSCERT bulletin below, if you haven't already.  In light of
> this,
> I added the following to my filename.rules.conf file:
>
> #---added per AUSCERT bulletin AL-2005.001, Jan 4, 2005
> deny|\.bmp$|Windows bitmap file|Possible buffer overflow in
> Explorer/Outlook
> deny|\.ico$|Windows icon file|Possible buffer overflow in
> Explorer/Outlook
> deny|\.ani$|Windows animated cursor file|Possible buffer overflow in
> Explorer/Outlook
> deny|\.cur$|Windows cursor file|Possible buffer overflow in
> Explorer/Outlook
> deny|\.hlp$|Windows Help file|Possible buffer overflow in
> Explorer/Outlook
>
> I replaced tabs with the pipe symbol (|) for this email.  Maybe this
> should be rolled into the next edition of MailScanner?
>
> ---------- Forwarded message ----------
> Date: Tue, 4 Jan 2005 05:34:25 UT
> From: auscert at auscert.org.au
> Reply-To: national-alerts at auscert.org.au
> To: national-alerts at auscert.org.au
> Subject: [NATIONAL-ALERTS] (AUSCERT AL-2005.001) Three vulnerabilities in
>     Microsoft Windows and Internet Explorer
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ===========================================================================
>
> A  U  S  C  E  R  T                                           A  L  E
> R  T
>
>                        AL-2005.001 -- AUSCERT ALERT
>      Three vulnerabilities in Microsoft Windows and Internet Explorer
>                               4 January 2005
>
> ===========================================================================
>
>
>         AusCERT Alert Summary
>         ---------------------
>
> Product:           Microsoft Internet Explorer
>                    Microsoft Outlook
>                    Microsoft Outlook Express
>                    Microsoft Windows
> Operating System:  Windows
> Impact:            Execute Arbitrary Code/Commands
>                    Denial of Service
> Access:            Remote/Unauthenticated
> CVE Names:         CAN-2004-1305 CAN-2004-1306
>
>
> SUMMARY:
>
>        This alert describes three vulnerabilities in Microsoft Internet
>        Explorer and other Windows components that may allow the remote
>        execution of arbitrary code and denial of service.
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list