#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE EXPLOIT Possible MSIE VML Exploit"; flow:established,from_server; content:"xmlns"; nocase; content:"schemas-microsoft-com"; nocase; distance:0; content:"vml"; nocase; distance:0; pcre:"/\x3chtml\s*xmlns\x3a[\d\w]+\s*=\s*\x22\s*urn\x3aschemas-microsoft-com\x3avml\s*\x22\s*\x3e/i"; reference:url,osvdb.org/31250; reference:bugtraq,21930; reference:cve,2007-0024; reference:url,sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html; reference:cve,2006-4868; classtype:misc-attack; sid:2003106; rev:3;)



Topic revision: r1 - 2008-01-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats