Sourcefire Identifies Microsoft Outlook Vulnerability.Sourcefire Vulnerability Research Team Continues to Deliver Coverage Ahead of Threats COLUMBIA, Md. -- Open source innovator and SNORT([R]) creator, Sourcefire, Inc., a leader in network intrusion prevention See IPS and IDS. , today announced that the Sourcefire([R]) Vulnerability Research Team (VRT VRT Vita Radio Transport (communications standard / protocol) VRT Virus Removal Tools VRT Vehicle Registration Tax VRT Vehicle Reg Tax VRT Voltage Reduction Technology (Intel Corp) ) discovered Microsoft([R]) Outlook([R]) VEVENT Vulnerability - CVE-2007-0033. Following the discovery, Sourcefire notified Microsoft and created a Snort rule (available at: http://www.snort.org/vrt/advisories/vrt-rules-2007-01-09.html) to protect users against potential exploits. Due to a remote code execution vulnerability, Microsoft Outlook For the e-mail and news client bundled with certain versions of Microsoft Windows, see . Microsoft Outlook or Outlook (full name Microsoft Office Outlook does not perform sufficient data validation In computer science, data validation is the process of ensuring that a program operates on clean, correct and useful data. It uses routines, often called validation rules, that check for correctness or meaningfulness of data that are input to the system. when processing the contents of an .iCal meeting request (used to create and send meeting requests over the Internet or outside an organization). When Outlook opens a specially crafted .iCal meeting request and parses a malformed malĀ·formed adj. Abnormally or faultily formed. VEVENT request, it may corrupt system memory in such a way that an attacker could execute arbitrary code In computer security, arbitrary code is executable code introduced externally that runs despite the intent of the original programmer. The code is injected into a currently-running application or its memory space, thus making the application execute the code. and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update removes the vulnerability by modifying the way that Outlook validates the length of an .iCal meeting request before it passes the message to the allocated buffer. The Sourcefire VRT is a leading vulnerability research group chartered with researching new vulnerabilities and creating methods for detecting and preventing attempts to exploit them. The team utilizes advanced protocol modeling to write rules that detect potential attacks against the underlying vulnerabilities used by many worms and malicious scripts as their attack vectors. "As technology continues to advance, so do the threats that look for vulnerabilities to exploit," said Matt Watchinksi, Director of the Sourcefire Vulnerability Research Team. "Customers need to know that their security solutions are backed by a research team that proactively works to ensure the best protection possible. The Sourcefire VRT strives to lead the industry in delivering protection against the latest threats. In many cases the Snort community and Sourcefire users are protected well before an exploit is ever released." Lurene Grenier, Senior Research Engineer for the Sourcefire VRT, who discovered the vulnerability, will be conducting a vulnerability exploitation tutorial February 4-5 at RSA Conference The RSA Conference is a Cryptography-related conference held annually in the San Francisco Bay Area. The RSA Conference started in 1991 as a forum for cryptographers to gather and share the latest knowledge and advancements in the area of Internet security. 2007 in San Francisco San Francisco (săn frănsĭs`kō), city (1990 pop. 723,959), coextensive with San Francisco co., W Calif., on the tip of a peninsula between the Pacific Ocean and San Francisco Bay, which are connected by the strait known as the Golden , CA. For more information on the tutorial and/or to register, please visit: http://www.rsaconference.com/2007/us/content/tutorials/. About the Sourcefire Vulnerability Research Team The Sourcefire VRT is comprised of leading edge network security experts working to proactively discover, assess, and respond to the latest trends in hacking activity, intrusion attempts, and vulnerabilities. This team collaborates extensively with hundreds of network security professionals in the open source community to research and validate new vulnerabilities and exploits. About Sourcefire Sourcefire, Inc., a leading provider of intelligence driven, open source network security solutions, is transforming the way organizations manage and minimize network security risks with its 3D Approach - Discover, Determine, Defend - to securing real networks in real-time. The company's network defense system unifies intrusion and vulnerability management technologies to provide customers with superior network security. Founded in 2001 by the creator of Snort, Sourcefire is headquartered in Columbia, MD and has been consistently recognized for its innovation and industry leadership by customers, media, and industry analysts alike - with more than 18 awards and accolades since January 2005 alone. Recently, the company was positioned in the Leaders Quadrant of Gartner's "Magic Quadrant The Gartner Magic Quadrant is a proprietary research tool developed by Gartner Inc., a US based research and advisory firm. It is designed to provide an unbiased qualitative analysis of a “markets’ direction, maturity, and participants. for Network Intrusion Prevention System Appliances 2H06" report and the Sourcefire 3D System was named "Best Security Solution," at the 2006 SC Magazine Awards. At work in leading Fortune 1000 and government agencies, the names Sourcefire and founder Martin Roesch have grown synonymous with synonymous with adjective equivalent to, the same as, identical to, similar to, identified with, equal to, tantamount to, interchangeable with, one and the same as innovation and intelligence in network security. For more information about Sourcefire, please visit http://www.sourcefire.com. SOURCEFIRE[R], SNORT[R], the Sourcefire logo, the Snort and Pig logo, SECURITY FOR THE REAL WORLD[TM], SOURCEFIRE DEFENSE CENTER[TM], SOURCEFIRE 3D[TM], RNA RNA: see nucleic acid. RNA in full ribonucleic acid One of the two main types of nucleic acid (the other being DNA), which functions in cellular protein synthesis in all living cells and replaces DNA as the carrier of genetic [TM] and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. and other countries. Microsoft Outlook is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion