#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; file_data; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; reference:url,doc.emergingthreats.net/2008812; classtype:web-application-attack; sid:2008812; rev:10;)

Added 2011-10-12 19:25:55 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; file_data; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; classtype:web-application-attack; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; reference:url,doc.emergingthreats.net/2008812; sid:2008812; rev:10;)

Added 2011-09-14 22:39:22 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; file_data; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; classtype:web-application-attack; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; reference:url,doc.emergingthreats.net/2008812; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MW6; sid:2008812; rev:10;)

Added 2011-02-04 17:28:01 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; content:"CLSID"; nocase; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; distance:0; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; classtype:web-application-attack; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; reference:url,doc.emergingthreats.net/2008812; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MW6; sid:2008812; rev:4;)

Added 2009-10-06 14:19:02 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; content:"CLSID"; nocase; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; distance:0; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; classtype:web-application-attack; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; reference:url,doc.emergingthreats.net/2008812; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MW6; sid:2008812; rev:4;)

Added 2009-10-06 14:19:02 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; content:"CLSID"; nocase; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; distance:0; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; classtype:web-application-attack; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; reference:url,doc.emergingthreats.net/2008812; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MW6; sid:2008812; rev:4;)

Added 2009-10-06 14:15:48 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; content:"CLSID"; nocase; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; distance:0; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; classtype:web-application-attack; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; reference:url,doc.emergingthreats.net/2008812; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MW6; sid:2008812; rev:4;)

Added 2009-10-06 14:15:48 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; content:"CLSID"; nocase; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; distance:0; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; classtype:web-application-attack; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; reference:url,doc.emergingthreats.net/2008812; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MW6; sid:2008812; rev:2;)

Added 2009-02-16 21:46:09 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; content:"CLSID"; nocase; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; distance:0; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; classtype:web-application-attack; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; reference:url,doc.emergingthreats.net/2008812; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MW6; sid:2008812; rev:2;)

Added 2009-02-16 21:46:09 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; content:"CLSID"; nocase; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; distance:0; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; classtype:web-application-attack; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; reference:url,doc.emergingthreats.net/2008812; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MW6; sid:2008812; rev:2;)

Added 2009-02-16 21:45:24 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; content:"CLSID"; nocase; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; distance:0; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; classtype:web-application-attack; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; reference:url,doc.emergingthreats.net/2008812; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MW6; sid:2008812; rev:2;)

Added 2009-02-16 21:45:24 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; content:"CLSID"; nocase; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; distance:0; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; classtype:web-application-attack; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; sid:2008812; rev:1;)

Added 2008-12-02 10:00:23 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; content:"CLSID"; nocase; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; distance:0; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; classtype:web-application-attack; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; sid:2008812; rev:1;)

Added 2008-12-02 09:58:24 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX MW6 Aztec ActiveX? Aztec.dll ActiveX? Control Multiple Arbitrary File Overwrite"; flow:to_client,established; content:"CLSID"; nocase; content:"F359732D-D020-40ED-83FF-F381EFE36B54"; nocase; distance:0; pcre:"/(SaveAsBMP?|SaveAsWMF)/i"; classtype:web-application-attack; reference:bugtraq,31974; reference:url,milw0rm.com/exploits/6870; sid:2008812; rev:1;)

Added 2008-12-02 09:57:12 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats