alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX J-Integra Remote Code Execution"; flow:established,to_client; content:"clsid"; nocase; content:"F21507A7-530F-4A89-8FE4-9D989670FD2C"; nocase; distance:0; pcre:"/<object\s*[^>]*\s*classid\s*=\s*(\x22|\x27)\s*clsid\s*\x3a\s*{?\s*F21507A7-530F-4A89-8FE4-9D989670FD2C\s*}?\s*(.*)(\s|)/si"; pcre:"/\x2e[RemoveAccessPermission|AddLaunchPermission|AddAccessPermission|RemoveLaunchPermission]/"; reference:url,www.exploit-db.com/exploits/15648; classtype:attempted-user; sid:2012095; rev:3;)

Added 2014-12-05 18:20:52 UTC


Topic revision: r1 - 2014-12-05 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats