https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735106#M56271 <HTML><HEAD></HEAD><BODY><P> I'll open a service request with TAC and to see if I can get any clarification or more information.&nbsp; I'll let y'all know what I find out.</P><P></P><P></P><P>Jonathan</P></BODY></HTML> Fri, 16 Sep 2011 13:22:45 GMT Jonathan Grant 2011-09-16T13:22:45Z https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735101#M56266 <P>Hello all!&nbsp; Sig 33439 was modified in S592 and I'm seeing a lot more alerts from this signature since we pushed S592.&nbsp; Does anyone know what changed and what the trigger is that causes the signature to fire?&nbsp; I have capture files and have not been able to identify anything malicious, nor what is causing it to fire.&nbsp; If anyone can help me understand what the trigger is, I'm hoping I'll be able to identify what in the packets are causing the possible false-positives.&nbsp; Thank you.</P><P></P><P></P><P>Jonathan</P> Sun, 10 Mar 2019 12:28:38 GMT https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735101#M56266 Jonathan Grant 2019-03-10T12:28:38Z https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735102#M56267 <HTML><HEAD></HEAD><BODY><P> I've noticed this as well. As long as all machines running IE have the necessary patches, it shouldn't be a real problem but would be nice to know what's causing all the noise since S592 came out.</P></BODY></HTML> Wed, 14 Sep 2011 22:29:09 GMT https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735102#M56267 mark.barrett 2011-09-14T22:29:09Z https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735103#M56268 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>We're working on this signature already and will update it shortly.</P><P></P><P>Martin </P><P>IPS Signature Team</P></BODY></HTML> Thu, 15 Sep 2011 09:41:18 GMT https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735103#M56268 mzeiser 2011-09-15T09:41:18Z https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735104#M56269 <HTML><HEAD></HEAD><BODY><P> Martin,</P><P></P><P>Just to confirm, are you saying the current signature is misconfigured and it will be corrected in a future release?&nbsp; Thank you.</P><P></P><P></P><P>Jonathan</P></BODY></HTML> Thu, 15 Sep 2011 13:17:22 GMT https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735104#M56269 Jonathan Grant 2011-09-15T13:17:22Z https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735105#M56270 <HTML><HEAD></HEAD><BODY><P> Hi there,</P><P></P><P>We have the same issue here with several customers during the last two weeks.</P><P></P><P>We waited for signatures updates if it was fixed but no luck.</P><P></P><P>We disabled the signature in some customers.</P><P></P><P>Any suggestion?</P><P></P><P>Thanks,</P><P></P><P>Hugo</P></BODY></HTML> Fri, 16 Sep 2011 12:58:15 GMT https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735105#M56270 Hugo Caye 2011-09-16T12:58:15Z https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735106#M56271 <HTML><HEAD></HEAD><BODY><P> I'll open a service request with TAC and to see if I can get any clarification or more information.&nbsp; I'll let y'all know what I find out.</P><P></P><P></P><P>Jonathan</P></BODY></HTML> Fri, 16 Sep 2011 13:22:45 GMT https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735106#M56271 Jonathan Grant 2011-09-16T13:22:45Z https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735107#M56272 <HTML><HEAD></HEAD><BODY><P>OK, thanks.</P></BODY></HTML> Fri, 16 Sep 2011 13:28:15 GMT https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735107#M56272 Hugo Caye 2011-09-16T13:28:15Z https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735108#M56273 <HTML><HEAD></HEAD><BODY><P>Jonathan,</P><P></P><P>Any input from TAC?</P><P></P><P>Tks.</P></BODY></HTML> Sat, 17 Sep 2011 12:43:00 GMT https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735108#M56273 Hugo Caye 2011-09-17T12:43:00Z https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735109#M56274 <HTML><HEAD></HEAD><BODY><P> Hugo,</P><P></P><P>I opened an SR Friday morning, I received confirmation, but have not heard anything back since.&nbsp; Cisco isn't being very responsive with this query at all.</P><P></P><P></P><P>Jonathan</P></BODY></HTML> Mon, 19 Sep 2011 13:06:23 GMT https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735109#M56274 Jonathan Grant 2011-09-19T13:06:23Z https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735110#M56275 <HTML><HEAD></HEAD><BODY><P>Jonathan,</P><P></P><P>Thanks a lot for your answer.</P><P></P><P>We’re evaluating to disable this signature.</P><P></P><P></P><P>Regards,</P><P></P><P>Hugo</P></BODY></HTML> Tue, 20 Sep 2011 01:15:55 GMT https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735110#M56275 Hugo Caye 2011-09-20T01:15:55Z https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735111#M56276 <HTML><HEAD></HEAD><BODY><P>We've had the same uptick in alerts on this signature, and now it's affecting a website that one of our users needs to access. Our systems are patched so I will likely just disable it for now, but I'll definitely watch this thread to see if Cisco updates with any information about a potential re-release of this sig.</P></BODY></HTML> Tue, 20 Sep 2011 13:45:22 GMT https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735111#M56276 Daniel Barr 2011-09-20T13:45:22Z https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735112#M56277 <HTML><HEAD></HEAD><BODY><P>Signature <STRONG>S597</STRONG> (just released) has retired this signature. I ended up disabling it on our systems anyway.<STRONG><BR /></STRONG></P></BODY></HTML> Thu, 22 Sep 2011 21:56:08 GMT https://community.cisco.com/t5/network-security/trigger-for-sig-33439-ie-memory-corruption-vulnerability/m-p/1735112#M56277 Daniel Barr 2011-09-22T21:56:08Z