# sid 2011173 rev 11, shipped disabled (the rule line itself starts with '#').
# Targets HTTP responses to $HOME_NET (flow:established,from_server) for CVE-2010-1885:
# an hcp:// URL followed, in order, by "script", "defer" and "unescape". All four contents
# are nocase and chained with distance:0; "hcp|3a|//" is the fast_pattern.
# The pcre then requires src=hcp:// ... (%3c or <)script ... defer ... unescape, with every
# gap limited to a single line by [^\n].
# NOTE(review): no file_data or http_* buffer is selected, so the contents are presumably
# matched against the raw response stream and a compressed body would go uninspected.
# Confirm against the engine in use. Source address is `any`, so internal servers are in scope.
#alert http any $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Windows Help Center Arbitrary Command Execution Exploit Attempt"; flow:established,from_server; content:"hcp|3a|//"; fast_pattern; nocase; content:"script"; nocase; distance:0; content:"defer"; nocase; distance:0; content:"unescape"; nocase; distance:0; pcre:"/src\s*=\s*[\x22\x27]?hcp\x3a\x2f\x2F[^\n]*?(%3c|<)script[^\n]*?defer[^\n]*?unescape/i"; reference:url,www.exploit-db.com/exploits/13808/; reference:url,doc.emergingthreats.net/2011173; reference:cve,2010-1885; classtype:misc-attack; sid:2011173; rev:11; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-10-30 18:17:38 UTC


# sid 2011173 rev 11, disabled (leading '#'). The text is identical to the entry recorded
# at 18:17:38 UTC on the same day, so this page logs the same disabled rule twice.
# While the '#' is present the engine loads nothing for this sid from this line, and
# CVE-2010-1885 (hcp:// + script/defer/unescape in an HTTP response) is not alerted on by it.
# NOTE(review): if coverage for this CVE is still required, check whether another enabled
# signature provides it before relying on this entry.
#alert http any $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Windows Help Center Arbitrary Command Execution Exploit Attempt"; flow:established,from_server; content:"hcp|3a|//"; fast_pattern; nocase; content:"script"; nocase; distance:0; content:"defer"; nocase; distance:0; content:"unescape"; nocase; distance:0; pcre:"/src\s*=\s*[\x22\x27]?hcp\x3a\x2f\x2F[^\n]*?(%3c|<)script[^\n]*?defer[^\n]*?unescape/i"; reference:url,www.exploit-db.com/exploits/13808/; reference:url,doc.emergingthreats.net/2011173; reference:cve,2010-1885; classtype:misc-attack; sid:2011173; rev:11; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-10-30 16:39:47 UTC


# sid 2011173 rev 11, enabled form: `alert http` on server-to-client traffic to $HOME_NET.
# Match chain (all nocase, each distance:0 after the previous): "hcp|3a|//" (fast_pattern),
# "script", "defer", "unescape". The pcre confirms src=hcp:// followed on the same line by
# (%3c or <)script, defer and unescape, using lazy [^\n]*? gaps.
# NOTE(review): this rev 11 entry is dated 2017 while the rev 13 entry further down the page
# is dated 2012, so rev numbers here do not follow the Added dates. These are presumably
# separate rule-set branches; confirm before comparing revisions.
# NOTE(review): with no file_data/http_* buffer the contents presumably inspect the raw
# stream. Verify that compressed responses are covered in your deployment.
alert http any $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Windows Help Center Arbitrary Command Execution Exploit Attempt"; flow:established,from_server; content:"hcp|3a|//"; fast_pattern; nocase; content:"script"; nocase; distance:0; content:"defer"; nocase; distance:0; content:"unescape"; nocase; distance:0; pcre:"/src\s*=\s*[\x22\x27]?hcp\x3a\x2f\x2F[^\n]*?(%3c|<)script[^\n]*?defer[^\n]*?unescape/i"; reference:url,www.exploit-db.com/exploits/13808/; reference:url,doc.emergingthreats.net/2011173; reference:cve,2010-1885; classtype:misc-attack; sid:2011173; rev:11; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:04:20 UTC


# sid 2011173 rev 13: `alert tcp` from $HTTP_PORTS to $HOME_NET, with file_data placed before
# the content chain so the matches run on the file_data buffer rather than the raw packet.
# Compared with the rev 9 entry on this page, the third content is "script" (no leading '<'
# or trailing space) and the pcre accepts either "%3c" or "<" before "script" with lazy gaps,
# so URL-encoded script tags are covered. reference:cve,2010-1885 is present.
# NOTE(review): the first content carries distance:0 although no content precedes it. It is
# presumably relative to the file_data cursor and has no effect; confirm.
alert tcp any $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Windows Help Center Arbitrary Command Execution Exploit Attempt"; flow:established,from_server; file_data; content:"hcp|3a|//"; fast_pattern; nocase; distance:0; content:"script"; nocase; distance:0; content:"defer"; nocase; distance:0; content:"unescape"; nocase; distance:0; pcre:"/src\s*=\s*[\x22\x27]?hcp\x3a\x2f\x2F[^\n]*?(%3c|<)script[^\n]*?defer[^\n]*?unescape/i"; reference:url,www.exploit-db.com/exploits/13808/; reference:url,doc.emergingthreats.net/2011173; reference:cve,2010-1885; classtype:misc-attack; sid:2011173; rev:13;)

Added 2012-07-16 19:40:05 UTC


# sid 2011173 rev 9: same option set as the rev 8 entries on this page plus fast_pattern on
# the "hcp|3a|//" content, making that string the prefilter pattern for the rule.
# The chain requires the literal "<script " (with trailing space), then "defer", then
# "unescape". The pcre is stricter: `<script\s*defer` allows only whitespace between the tag
# name and `defer`, and the whole src=hcp:// ... unescape span must sit on one line.
# NOTE(review): this revision has no reference:cve entry; revisions 3, 11 and 13 on this page
# cite cve,2010-1885.
alert tcp any $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Windows Help Center Arbitrary Command Execution Exploit Attempt"; flow:established,from_server; file_data; content:"hcp|3a|//"; fast_pattern; nocase; distance:0; content:"<script "; nocase; distance:0; content:"defer"; nocase; distance:0; content:"unescape"; nocase; distance:0; pcre:"/src\s*=\s*[\x22\x27]?hcp\x3a\x2f\x2F[^\n]*<script\s*defer[^\n]*unescape/i"; reference:url,www.exploit-db.com/exploits/13808/; reference:url,doc.emergingthreats.net/2011173; classtype:misc-attack; sid:2011173; rev:9;)

Added 2012-07-13 21:15:01 UTC


# sid 2011173 rev 8 (entry dated 2012-07-13): file_data followed by four nocase contents in
# order, "hcp|3a|//", "<script ", "defer", "unescape", each with distance:0.
# No fast_pattern is declared, so the engine chooses the prefilter content itself.
# The pcre requires src= (optional quote) hcp:// then, on the same line, `<script`, optional
# whitespace, `defer`, and later `unescape`; [^\n]* here is greedy.
# Option order differs from the 2011-10-12 rev 8 entry (references precede classtype here);
# the detection options are the same.
alert tcp any $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Windows Help Center Arbitrary Command Execution Exploit Attempt"; flow:established,from_server; file_data; content:"hcp|3a|//"; nocase; distance:0; content:"<script "; nocase; distance:0; content:"defer"; nocase; distance:0; content:"unescape"; nocase; distance:0; pcre:"/src\s*=\s*[\x22\x27]?hcp\x3a\x2f\x2F[^\n]*<script\s*defer[^\n]*unescape/i"; reference:url,www.exploit-db.com/exploits/13808/; reference:url,doc.emergingthreats.net/2011173; classtype:misc-attack; sid:2011173; rev:8;)

Added 2011-10-12 19:31:29 UTC


# sid 2011173 rev 8 (entry dated 2011-10-12): server-to-client TCP from $HTTP_PORTS, contents
# evaluated after file_data. Requires "hcp|3a|//", "<script ", "defer", "unescape" in that
# order (nocase, distance:0), then the single-line pcre for src=hcp:// ... <script defer ...
# unescape.
# Relative to the 2011-09-14 rev 8 entry, the cvsweb.cgi reference is no longer listed. The
# rev number was not bumped, so rev alone does not identify which text is deployed.
alert tcp any $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Windows Help Center Arbitrary Command Execution Exploit Attempt"; flow:established,from_server; file_data; content:"hcp|3a|//"; nocase; distance:0; content:"<script "; nocase; distance:0; content:"defer"; nocase; distance:0; content:"unescape"; nocase; distance:0; pcre:"/src\s*=\s*[\x22\x27]?hcp\x3a\x2f\x2F[^\n]*<script\s*defer[^\n]*unescape/i"; classtype:misc-attack; reference:url,www.exploit-db.com/exploits/13808/; reference:url,doc.emergingthreats.net/2011173; sid:2011173; rev:8;)

Added 2011-09-14 22:44:53 UTC


# sid 2011173 rev 8 (entry dated 2011-09-14): first entry on this page under the
# "ET ACTIVEX" msg prefix and the first to use file_data. The hcp content is written as
# "hcp|3a|//" (hex-encoded colon) instead of the "hcp\://" form used by revs 1-4.
# Detection logic: hcp://, "<script ", "defer", "unescape" in order, then the single-line pcre.
# It still lists the cvsweb.cgi reference under sigs/CURRENT_EVENTS that revs 2-4 carry.
alert tcp any $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Windows Help Center Arbitrary Command Execution Exploit Attempt"; flow:established,from_server; file_data; content:"hcp|3a|//"; nocase; distance:0; content:"<script "; nocase; distance:0; content:"defer"; nocase; distance:0; content:"unescape"; nocase; distance:0; pcre:"/src\s*=\s*[\x22\x27]?hcp\x3a\x2f\x2F[^\n]*<script\s*defer[^\n]*unescape/i"; classtype:misc-attack; reference:url,www.exploit-db.com/exploits/13808/; reference:url,doc.emergingthreats.net/2011173; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_WinHelp; sid:2011173; rev:8;)

Added 2011-02-04 17:30:56 UTC


# sid 2011173 rev 4 (msg prefix "ET CURRENT_EVENTS"): apart from the rev number, the text is
# the same as the rev 2 entries on this page, so the rev 3 rewrite was not carried forward.
# No file_data: the four nocase contents ("hcp\://", "<script ", "defer", "unescape") are
# matched in order against the packet/stream payload, then the single-line pcre is applied.
# NOTE(review): without a decoded-body buffer, compressed responses are presumably not
# inspected; later revisions on this page add file_data.
alert tcp any $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Windows Help Center Arbitrary Command Execution Exploit Attempt"; flow:established,from_server; content:"hcp\://"; nocase; content:"<script "; nocase; distance:0; content:"defer"; nocase; distance:0; content:"unescape"; nocase; distance:0; pcre:"/src\s*=\s*[\x22\x27]?hcp:\x2f\x2F[^\n]*<script\s*defer[^\n]*unescape/i"; classtype:misc-attack; reference:url,www.exploit-db.com/exploits/13808/; reference:url,doc.emergingthreats.net/2011173; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_WinHelp; sid:2011173; rev:4;)

Added 2010-07-20 17:01:02 UTC


# sid 2011173 rev 4, second copy with the same Added timestamp (2010-07-20 17:01:02 UTC).
# Fires on established server-to-client TCP from $HTTP_PORTS when "hcp\://", "<script ",
# "defer" and "unescape" occur in that order (nocase) and the pcre finds src=hcp:// followed
# on one line by `<script`, optional whitespace, `defer`, then `unescape`.
# classtype is misc-attack; no reference:cve is attached in this revision.
alert tcp any $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Windows Help Center Arbitrary Command Execution Exploit Attempt"; flow:established,from_server; content:"hcp\://"; nocase; content:"<script "; nocase; distance:0; content:"defer"; nocase; distance:0; content:"unescape"; nocase; distance:0; pcre:"/src\s*=\s*[\x22\x27]?hcp:\x2f\x2F[^\n]*<script\s*defer[^\n]*unescape/i"; classtype:misc-attack; reference:url,www.exploit-db.com/exploits/13808/; reference:url,doc.emergingthreats.net/2011173; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_WinHelp; sid:2011173; rev:4;)

Added 2010-07-20 17:01:02 UTC


# sid 2011173 rev 3: a different signature from the other revisions on this page. The msg is
# "Malformed Escape Sequence XSS ...", the source is narrowed to $EXTERNAL_NET, the flow is
# to_client, and classtype is attempted-user.
# Contents: "hcp|3A|//", "script", "defer" in order (nocase); "unescape" is not required.
# pcre: hcp:// ... script ... defer immediately followed by "%3e" (\x25 then "3e") or ">".
# NOTE(review): with the /s flag the `.+` runs cross newlines, so [^\n]* does not confine the
# match to one line, and the greedy `.+` pairs are likely costly on large payloads; confirm.
# NOTE(review): the technet reference includes an "http://" scheme, unlike the other
# reference:url values in this rule, so the rendered link may be malformed.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Windows Help Center Malformed Escape Sequence XSS Command Execution Attempt"; flow:established,to_client; content:"hcp|3A|//"; nocase; content:"script"; nocase; distance:0; content:"defer"; nocase; distance:0; pcre:"/hcp\x3A\x2f\x2f[^\n]*.+script.+defer(\x253e|\x3E)/smi"; classtype:attempted-user; reference:url,www.exploit-db.com/exploits/13808/; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=20864; reference:url,www.microsoft.com/technet/security/bulletin/MS10-042.mspx; reference:url,archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html; reference:url,http://technet.microsoft.com/en-us/windowsserver/bb310732.aspx; reference:cve,2010-1885; reference:url,doc.emergingthreats.net/2011173; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_WinHelp; sid:2011173; rev:3;)

Added 2010-07-20 16:22:20 UTC


# sid 2011173 rev 3, second copy with the same Added timestamp (2010-07-20 16:22:20 UTC).
# Alerts on established to_client TCP from $EXTERNAL_NET $HTTP_PORTS when "hcp|3A|//",
# "script" and "defer" appear in order (nocase) and the /smi pcre finds hcp:// ... script ...
# defer directly followed by "%3e" or ">".
# This is the only signature text on the page that cites the MS10-042 bulletin; it also
# carries reference:cve,2010-1885.
# NOTE(review): the rev 4 entries recorded later the same day use the rev 2 option set
# instead of this one; treat rev 3 as a superseded variant when reading alert history.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Windows Help Center Malformed Escape Sequence XSS Command Execution Attempt"; flow:established,to_client; content:"hcp|3A|//"; nocase; content:"script"; nocase; distance:0; content:"defer"; nocase; distance:0; pcre:"/hcp\x3A\x2f\x2f[^\n]*.+script.+defer(\x253e|\x3E)/smi"; classtype:attempted-user; reference:url,www.exploit-db.com/exploits/13808/; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=20864; reference:url,www.microsoft.com/technet/security/bulletin/MS10-042.mspx; reference:url,archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html; reference:url,http://technet.microsoft.com/en-us/windowsserver/bb310732.aspx; reference:cve,2010-1885; reference:url,doc.emergingthreats.net/2011173; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_WinHelp; sid:2011173; rev:3;)

Added 2010-07-20 16:22:20 UTC


# sid 2011173 rev 2: same detection options as the rev 1 entry on this page. The visible
# changes are the msg prefix (now spelled "ET CURRENT_EVENTS") and two added references
# (doc.emergingthreats.net/2011173 and the cvsweb.cgi path).
# Logic: server-to-client TCP from $HTTP_PORTS containing "hcp\://", "<script ", "defer",
# "unescape" in order (nocase), confirmed by the single-line src=hcp:// pcre.
# Source address is `any`, so responses from internal web servers are evaluated as well.
alert tcp any $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Windows Help Center Arbitrary Command Execution Exploit Attempt"; flow:established,from_server; content:"hcp\://"; nocase; content:"<script "; nocase; distance:0; content:"defer"; nocase; distance:0; content:"unescape"; nocase; distance:0; pcre:"/src\s*=\s*[\x22\x27]?hcp:\x2f\x2F[^\n]*<script\s*defer[^\n]*unescape/i"; classtype:misc-attack; reference:url,www.exploit-db.com/exploits/13808/; reference:url,doc.emergingthreats.net/2011173; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_WinHelp; sid:2011173; rev:2;)

Added 2010-06-14 14:30:59 UTC


# sid 2011173 rev 2, second copy with the same Added timestamp (2010-06-14 14:30:59 UTC).
# The only content with no distance modifier is "hcp\://", so it may match anywhere in the
# payload; "<script ", "defer" and "unescape" must each follow the previous match.
# The pcre has no /s flag and uses [^\n]*, so the src=hcp:// ... <script defer ... unescape
# sequence must be on one line for the rule to alert.
alert tcp any $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Windows Help Center Arbitrary Command Execution Exploit Attempt"; flow:established,from_server; content:"hcp\://"; nocase; content:"<script "; nocase; distance:0; content:"defer"; nocase; distance:0; content:"unescape"; nocase; distance:0; pcre:"/src\s*=\s*[\x22\x27]?hcp:\x2f\x2F[^\n]*<script\s*defer[^\n]*unescape/i"; classtype:misc-attack; reference:url,www.exploit-db.com/exploits/13808/; reference:url,doc.emergingthreats.net/2011173; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_WinHelp; sid:2011173; rev:2;)

Added 2010-06-14 14:30:59 UTC


# sid 2011173 rev 1, the earliest entry on this page (2010-06-14). Its only reference is the
# exploit-db 13808 entry.
# Detects, in server-to-client TCP from $HTTP_PORTS, "hcp\://" then "<script ", "defer" and
# "unescape" in order (nocase), confirmed by the single-line src=hcp:// pcre.
# NOTE(review): the msg prefix is misspelled "ET CUERRENT_EVENTS"; the rev 2 entries on this
# page spell it "ET CURRENT_EVENTS". Alert searches keyed on the msg text need to account for
# both spellings when covering rev 1 data.
alert tcp any $HTTP_PORTS -> $HOME_NET any (msg:"ET CUERRENT_EVENTS Windows Help Center Arbitrary Command Execution Exploit Attempt"; flow:established,from_server; content:"hcp\://"; nocase; content:"<script "; nocase; distance:0; content:"defer"; nocase; distance:0; content:"unescape"; nocase; distance:0; pcre:"/src\s*=\s*[\x22\x27]?hcp:\x2f\x2F[^\n]*<script\s*defer[^\n]*unescape/i"; classtype:misc-attack; reference:url,www.exploit-db.com/exploits/13808/; sid:2011173; rev:1;)

Added 2010-06-14 14:15:58 UTC

