alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB Chilkat Mail ActiveX? 7.8 ChilkatCert?.dll Insecure Method Vulnerability"; flow:to_client,established; content:"CLSID"; nocase; content:"2A9A3D40-2F32-45BF-9A89-AC9ED6C2FEDF"; nocase; pcre:"/.*\.(ini|exe|dll|bat|com|cab|txt)/i"; content:"SaveLastError"; nocase; distance:0; within:40; classtype:web-application-attack; reference:bugtraq,27493; reference:url,www.milw0rm.com/exploits/5005; sid:2007819; rev:2;)

Added 2008-05-18 20:33:02 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB Chilkat Mail ActiveX? 7.8 ChilkatCert?.dll Insecure Method Vulnerability"; flow:to_client,established; content:"CLSID"; nocase; content:"2A9A3D40-2F32-45BF-9A89-AC9ED6C2FEDF"; nocase; pcre:"/.*\.(ini|exe|dll|bat|com|cab|txt)/i"; content:"SaveLastError"; nocase; distance:0; within:40; classtype:web-application-attack; reference:bugtraq,27493; reference:url,www.milw0rm.com/exploits/5005; sid:2007819; rev:2;)

Added 2008-05-18 20:33:02 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Chilkat Mail ActiveX? 7.8 ChilkatCert?.dll Insecure Method Vulnerability"; flow:to_client,established; content:"CLSID"; nocase; content:"2A9A3D40-2F32-45BF-9A89-AC9ED6C2FEDF"; nocase; pcre:"/.*\.(ini|exe|dll|bat|com|cab|txt)/i"; content:"SaveLastError"; nocase; distance:0; within:40; classtype:web-application-attack; reference:bugtraq,27493; reference:url,www.milw0rm.com/exploits/5005; sid:2007819; rev:1;)

Added 2008-02-06 10:24:10 UTC


Topic revision: r1 - 2008-05-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats