alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Internet Explorer execCommand function Use after free Vulnerability 0day Metasploit"; flow:established,to_client; file_data; content:".execCommand|28|"; nocase; pcre:"/^[\r\n\s]*[\x22\x27]selectAll/Ri"; content:"YMjf\\u0c08\\u0c0cKDog"; fast_pattern:only; reference:url,eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/; reference:cve,CVE-2012-4969; classtype:attempted-user; sid:2015712; rev:5;)

Added 2014-09-19 17:22:44 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Internet Explorer execCommand fuction Use after free Vulnerability 0day Metasploit"; flow:established,to_client; file_data; content:".execCommand|28|"; nocase; pcre:"/^[\r\n\s]*[\x22\x27]selectAll/Ri"; content:"YMjf\\u0c08\\u0c0cKDog"; fast_pattern:only; reference:url,eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/; classtype:attempted-user; sid:2015712; rev:1;)

Added 2012-09-17 19:48:03 UTC


Topic revision: r1 - 2014-09-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats