EmergingThreats> Main Web>2003191 (2007-04-10, MattJonkman) EditAttach

#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS Acer LunchApp?.Aplunch ActiveX? control access"; flow:established,from_server; content:"CLSID"; nocase; content:"D9998BD0-7957-11D2-8FED-00606730D3AA"; nocase; reference:url,secunia.com/advisories/23003/; classtype:attempted-user; sid:2003191; rev:1;)

Added 2007-04-10 10:15:37 UTC

Threat has passed. Patch has been available for some time now. This sig is not exploit detecting, just clsid. Not good for the long term.

-- MattJonkman - 10 Apr 2007

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS Acer LunchApp?.Aplunch ActiveX? control access"; flow:established,from_server; content:"CLSID"; nocase; content:"D9998BD0-7957-11D2-8FED-00606730D3AA"; nocase; reference:url,secunia.com/advisories/23003/; classtype:attempted-user; sid:2003191; rev:1;)

Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2007-04-10 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats