On Fri, Sep 15, 2006 at 01:21:47PM -0700, Ken A wrote: > Unless you block activeX objects via some other means, your Outlook* > users are vulnerable to this. > http://downloads.securityfocus.com/vulnerabilities/exploits/19738.html > > Seems like testing for "DirectAnimation.PathControl" would be a good > idea.. Any thoughts on this? > > full LOCAL_09152006_0_DAY /DirectAnimation.PathControl/i > describe LOCAL_09152006_0_DAY DirectAnimation.PathControl object code > score LOCAL_09152006_0_DAY 10
1) SA isn't a virus scanner, so informing/installing clamav/etc may be useful 2) full rules are generally bad, so avoid them if you don't need them. 3) related to that, based on the exploit info you'll care about the decoded, but not rendered info, so you'd want a rawbody rule. -- Randomly Selected Tagline: Cat \kat'\ n. 1: A dog with an attitude problem
pgpfm2d7cKXzt.pgp
Description: PGP signature
