#alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED COM Object MS05-052 (group 2)"; flow:established,from_server; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/i"; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; classtype:web-application-attack; sid:2002492; rev:13; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 20:56:00 UTC


###alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED COM Object MS05-052 (group 2)"; flow:established,from_server; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/i"; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; classtype:web-application-attack; sid:2002492; rev:13;)

Added 2011-10-12 19:11:47 UTC


###alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED COM Object MS05-052 (group 2)"; flow:established,from_server; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/i"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; sid:2002492; rev:13;)

Added 2011-09-14 22:24:30 UTC


###alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED COM Object MS05-052 (group 2)"; flow:established,from_server; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/i"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS05-038; sid:2002492; rev:13;)

Added 2011-02-04 17:21:53 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS05-038; sid:2002492; rev:8;)

Added 2010-01-20 15:31:11 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS05-038; sid:2002492; rev:8;)

Added 2010-01-20 15:31:11 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS05-038; sid:2002492; rev:8;)

Added 2009-10-06 14:19:02 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS05-038; sid:2002492; rev:8;)

Added 2009-10-06 14:19:02 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS05-038; sid:2002492; rev:8;)

Added 2009-10-06 14:15:48 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS05-038; sid:2002492; rev:8;)

Added 2009-10-06 14:15:48 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MS05-038; sid:2002492; rev:6;)

Added 2009-02-16 21:46:08 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MS05-038; sid:2002492; rev:6;)

Added 2009-02-16 21:46:08 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MS05-038; sid:2002492; rev:6;)

Added 2009-02-16 21:45:23 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; reference:url,doc.emergingthreats.net/2002492; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MS05-038; sid:2002492; rev:6;)

Added 2009-02-16 21:45:23 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; sid:2002492; rev:5;)

Added 2008-11-25 09:49:36 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; sid:2002492; rev:5;)

Added 2008-11-25 09:49:36 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; sid:2002492; rev:5;)

Added 2008-11-25 09:45:22 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; sid:2002492; rev:5;)

Added 2008-11-25 09:45:22 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; sid:2002492; rev:4;)

Added 2008-01-25 10:56:38 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; sid:2002492; rev:4;)

Added 2008-01-25 10:56:38 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE EXPLOIT COM Object MS05-052 (group 2)"; flow:established,from_server; content:"CLSID"; nocase; flowbits:isset,CLSID_DETECTED; pcre:"/4FAAB301-CEF6-477C-9F58-F601039E9B78|6CBE0382-A879-4D2A-8EC3-1F2A43611BA8|F117831B-C052-11D1-B1C0-00C04FC2F3EF|3050F667-98B5-11CF-BB82-00AA00BDCE0B|1AA06BA1-0E88-11D1-8391-00C04FBD7C09|F28D867A-DDB1-11D3-B8E8-00A0C981AEEB|6B7F1602-D44C-11D0-A7D9-AE3D17000000|7007ACCF-3202-11D1-AAD2-00805FC1270E|992CFFA0-F557-101A-88EC-00DD010CCC48|00020420-0000-0000-C000-000000000046|0006F02A-0000-0000-C000-000000000046|ABBA001B-3075-11D6-88A4-00B0D0200F88|CE292861-FC88-11D0-9E69-00C04FD7C15B/Ri"; classtype:web-application-attack; reference:cve,2005-2127; reference:url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx; sid:2002492; rev:3;)



Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats