EmergingThreats
>
Main Web
>
2001095
(2009-02-08,
TWikiGuest
)
E
dit
A
ttach
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg: "ET EXPLOIT IFRAME
ExecCommand
?
vulnerability"; flow: from_server,established; content:"
]*SRC[\s]*=[\s]*["']*[\x09\x0a\x0b\x0c\x0d]*f[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*l[\x09\x0a\x0b\x0c\x0d]*e[\x09\x0a\x0b\x0c\x0d]*\:/Ri"; reference:url,www.securiteam.com/exploits/3D5Q4RFPPK.html; classtype: misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2001095; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_IE_Vulnerabilities; sid: 2001095; rev:8;)
Added 2009-02-07 22:00:25 UTC
Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg: "ET EXPLOIT IFRAME
ExecCommand
?
vulnerability"; flow: from_server,established; content:"
]*SRC[\s]*=[\s]*["']*[\x09\x0a\x0b\x0c\x0d]*f[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*l[\x09\x0a\x0b\x0c\x0d]*e[\x09\x0a\x0b\x0c\x0d]*\:/Ri"; reference:url,www.securiteam.com/exploits/3D5Q4RFPPK.html; classtype: misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2001095; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_IE_Vulnerabilities; sid: 2001095; rev:8;)
Added 2009-02-07 22:00:25 UTC
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg: "ET EXPLOIT IFRAME
ExecCommand
?
vulnerability"; flow: from_server,established; content:"
]*SRC[\s]*=[\s]*["']*[\x09\x0a\x0b\x0c\x0d]*f[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*l[\x09\x0a\x0b\x0c\x0d]*e[\x09\x0a\x0b\x0c\x0d]*\:/Ri"; reference:url,www.securiteam.com/exploits/3D5Q4RFPPK.html; classtype: misc-activity; sid: 2001095; rev:7;)
Added 2008-01-25 10:56:37 UTC
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg: "ET EXPLOIT IFRAME
ExecCommand
?
vulnerability"; flow: from_server,established; content:"
]*SRC[\s]*=[\s]*["']*[\x09\x0a\x0b\x0c\x0d]*f[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*l[\x09\x0a\x0b\x0c\x0d]*e[\x09\x0a\x0b\x0c\x0d]*\:/Ri"; reference:url,www.securiteam.com/exploits/3D5Q4RFPPK.html; classtype: misc-activity; sid: 2001095; rev:7;)
Added 2008-01-25 10:56:37 UTC
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg: "BLEEDING-EDGE EXPLOIT IFRAME
ExecCommand
?
vulnerability"; flow: from_server,established; content:"
]*SRC[\s]*=[\s]*["']*[\x09\x0a\x0b\x0c\x0d]*f[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*l[\x09\x0a\x0b\x0c\x0d]*e[\x09\x0a\x0b\x0c\x0d]*\:/Ri"; reference:url,www.securiteam.com/exploits/3D5Q4RFPPK.html; classtype: misc-activity; sid: 2001095; rev:6; )
E
dit
|
A
ttach
|
P
rint version
|
H
istory
: r1
|
B
acklinks
|
R
aw View
|
WYSIWYG
|
M
ore topic actions
Topic revision: r1 - 2009-02-08
-
TWikiGuest
Main
Log In
Main Web
Create New Topic
Index
Search
Changes
Preferences
User Reference
ATasteOfTWiki
TextFormattingRules
Signature Reference
WebRss
Feed
EmergingFAQ
Copyright © Emerging Threats