UDS-HTTP: MS IE CBlockElement bdo element tag Use After Free Vulnerability I
Released 7/11/2013 (KB55447)
I tried to import this signature but receive the error message: "Unable to write User-Defined Signatures to the database."
When I open the signature after import it does say it needs a protection category and matching software criteria.
I tried to give it protection category "Client Protection / Web Browser" and software protocol http, but it still won't compile.
Anyone had any success with this?
What verson are you using? I just tried on 7.5 and 6.1 in my lab and both took the new UDS fine.
Do you have any custom protocol definitions within the custom attack editor?
Was the error when you saved the custom attacks?
If you haven't already I recommend opening a support ticket as they can help review the logs which should give an indication why you are having an error.
It may be worth checking the RTTA to ensure you can view new alerts correctly just to check the database health. dbtuning is always a good idea also.
I was able to import this UDS successfully. I am running NSM 126.96.36.199.
Not sure if you're doing this or not, but you have to unzip the original downloaded UDS file and import the zip file named "UDS.zip"
Ok I found the issue. The first time I downloaded the sig, it was a zip with 2 xml files in it directly. Normally there would be a PDF and a UDS.zip file. I downloaded it again and it looked right. Importing the UDS.zip worked. Thanks for the responses - dt1 your comment made me realize that my download didn't look correct.