alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Office Web Components ActiveX? Vulnerability KB973472, xeye.us variant"; flow:to_client,established; content:"ActiveXObject("; nocase; content:"OWC10.Spreadsheet"; nocase; content:"unescape("; nocase; reference:url,microsoft.com/technet/security/advisory/973472.mspx; reference:url,xeye.us/blog/2009/07/one-0day/;classtype:web-application-attack; reference:url,doc.emergingthreats.net/2009556; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_IE_Office_Web; sid:2009556; rev:2;)

Added 2009-07-16 11:30:35 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Office Web Components ActiveX? Vulnerability KB973472, xeye.us variant"; flow:to_client,established; content:"ActiveXObject("; nocase; content:"OWC10.Spreadsheet"; nocase; content:"unescape("; nocase; reference:url,microsoft.com/technet/security/advisory/973472.mspx; reference:url,xeye.us/blog/2009/07/one-0day/;classtype:web-application-attack; reference:url,doc.emergingthreats.net/2009556; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_IE_Office_Web; sid:2009556; rev:2;)

Added 2009-07-16 11:30:35 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Office Web Components ActiveX? Vulnerability KB973472, xeye.us variant"; flow:to_client,established; content:"ActiveXObject("; nocase; content:"OWC10.Spreadsheet"; nocase; content:"unescape("; nocase; reference:url,microsoft.com/technet/security/advisory/973472.mspx; reference:url,xeye.us/blog/2009/07/one-0day/;classtype:web-application-attack; sid:2009556; rev:1;)

Added 2009-07-14 09:45:38 UTC


Topic revision: r1 - 2009-07-16 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats