alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Microsoft Office Data Structure Corruption (unpatched)"; flow:established,to_client; content:"|CF 11 E0 A1 B1 1A E1|"; content:"|00 00 00|"; distance:617; within:3; byte_test:4,>,1677215,0,relative,little; classtype:bad-unknown; sid:2003212; rev:3;)
Added 2008-01-25 10:56:38 UTC
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Microsoft Office Data Structure Corruption (unpatched)"; flow:established,to_client; content:"|CF 11 E0 A1 B1 1A E1|"; content:"|00 00 00|"; distance:617; within:3; byte_test:4,>,1677215,0,relative,little; classtype:bad-unknown; sid:2003212; rev:3;)
Added 2008-01-25 10:56:38 UTC
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE EXPLOIT Microsoft Office Data Structure Corruption (unpatched)"; flow:established,to_client; content:"|CF 11 E0 A1 B1 1A E1|"; content:"|00 00 00|"; distance:617; within:3; byte_test:4,>,1677215,0,relative,little; sid:2003212; rev:1;)