EditAttachPrintable
r1 - 12 Oct 2011 - 23:30:55 - TWikiGuestYou are here: TWiki >  Main Web > 2010929

##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Foxit Reader ActiveX? control OpenFile? method Heap Overflow Attempt"; flow:established,to_client; file_data; content:"05563215-225C-45EB-BB34-AFA47217B1DE"; nocase; distance:0; content:"OpenFile"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*05563215-225C-45EB-BB34-AFA47217B1DE/si"; reference:url,www.exploit-db.com/exploits/11196; reference:url,doc.emergingthreats.net/2010929; classtype:attempted-user; sid:2010929; rev:8;)

Added 2011-10-12 19:30:55 UTC

 

##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Foxit Reader ActiveX? control OpenFile? method Heap Overflow Attempt"; flow:established,to_client; file_data; content:"05563215-225C-45EB-BB34-AFA47217B1DE"; nocase; distance:0; content:"OpenFile"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*05563215-225C-45EB-BB34-AFA47217B1DE/si"; classtype:attempted-user; reference:url,www.exploit-db.com/exploits/11196; reference:url,doc.emergingthreats.net/2010929; sid:2010929; rev:8;)

Added 2011-09-14 22:44:04 UTC

##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Foxit Reader ActiveX? control OpenFile? method Heap Overflow Attempt"; flow:established,to_client; file_data; content:"05563215-225C-45EB-BB34-AFA47217B1DE"; nocase; distance:0; content:"OpenFile"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*05563215-225C-45EB-BB34-AFA47217B1DE/si"; classtype:attempted-user; reference:url,www.exploit-db.com/exploits/11196; reference:url,doc.emergingthreats.net/2010929; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Foxit; sid:2010929; rev:8;)

Added 2011-02-04 17:30:37 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Foxit Reader ActiveX? control OpenFile? method Heap Overflow Attempt"; flow:established,to_client; content:"clsid"; nocase; content:"05563215-225C-45EB-BB34-AFA47217B1DE"; nocase; distance:0; content:"OpenFile"; nocase; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*05563215-225C-45EB-BB34-AFA47217B1DE/si";classtype:attempted-user; reference:url,www.exploit-db.com/exploits/11196; reference:url,doc.emergingthreats.net/2010929; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Foxit; sid:2010929; rev:2;)

Added 2010-03-10 15:00:57 UTC

Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r1 | More topic actions
 
Emerging Threats
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback