alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Trend Micro Internet Security Pro UfPBCtrl?.dll ActiveX? Control Remote Code Execution Attempt"; flow:established,to_client; content:"clsid"; nocase; content:"15DBC3F9-9F0A-472E-8061-043D9CEC52F0"; nocase; distance:0; content:"extSetOwner"; nocase; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*15DBC3F9-9F0A-472E-8061-043D9CEC52F0/si"; classtype:attempted-user; reference:url,www.zerodayinitiative.com/advisories/ZDI-10-165/; reference:url,esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx; sid:2011418; rev:1;)

Added 2010-09-04 16:53:13 UTC


Topic revision: r1 - 2010-09-04 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats