#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS Acer
LunchApp?.Aplunch
ActiveX? control access"; flow:established,from_server; content:"CLSID"; nocase; content:"D9998BD0-7957-11D2-8FED-00606730D3AA"; nocase; reference:url,secunia.com/advisories/23003/; classtype:attempted-user; sid:2003191; rev:1;)
Added 2007-04-10 10:15:37 UTC
Threat has passed. Patch has been available for some time now. This sig is not exploit detecting, just clsid. Not good for the long term.
--
MattJonkman - 10 Apr 2007
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS Acer
LunchApp?.Aplunch
ActiveX? control access"; flow:established,from_server; content:"CLSID"; nocase; content:"D9998BD0-7957-11D2-8FED-00606730D3AA"; nocase; reference:url,secunia.com/advisories/23003/; classtype:attempted-user; sid:2003191; rev:1;)