alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; reference:url,doc.emergingthreats.net/2003079; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS06-042; sid:2003079; rev:66;)

Added 2009-10-06 14:19:02 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; reference:url,doc.emergingthreats.net/2003079; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS06-042; sid:2003079; rev:66;)

Added 2009-10-06 14:19:02 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; reference:url,doc.emergingthreats.net/2003079; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS06-042; sid:2003079; rev:66;)

Added 2009-10-06 14:15:48 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; reference:url,doc.emergingthreats.net/2003079; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS06-042; sid:2003079; rev:66;)

Added 2009-10-06 14:15:48 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; reference:url,doc.emergingthreats.net/2003079; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MS06-042; sid:2003079; rev:5;)

Added 2009-02-16 21:46:08 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; reference:url,doc.emergingthreats.net/2003079; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MS06-042; sid:2003079; rev:5;)

Added 2009-02-16 21:46:08 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; reference:url,doc.emergingthreats.net/2003079; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MS06-042; sid:2003079; rev:5;)

Added 2009-02-16 21:45:24 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; reference:url,doc.emergingthreats.net/2003079; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MS06-042; sid:2003079; rev:5;)

Added 2009-02-16 21:45:24 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; sid:2003079; rev:4;)

Added 2008-11-25 09:49:36 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; sid:2003079; rev:4;)

Added 2008-11-25 09:49:36 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; sid:2003079; rev:4;)

Added 2008-11-25 09:45:22 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; sid:2003079; rev:4;)

Added 2008-11-25 09:45:22 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; sid:2003079; rev:3;)

Added 2008-01-25 10:56:38 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; sid:2003079; rev:3;)

Added 2008-01-25 10:56:38 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE EXPLOIT COM Object MS06-042 (group 3)"; flow:established,from_server; flowbits:isset,CLSID_DETECTED; pcre:"/C0D076C5-E4C6-4561-8BF4-80DA8DB819D7|C44C65C7-FDF1-453D-89A5-BCC28F5D69F9|C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F|C8F209F8-480E-454C-94A4-5392D88EBA0F|CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED|CFFB1FC7-270D-4986-B299-FECF3F0E42DB|E188F7A3-A04E-413E-99D1-D79A45F70305|E476CBFF-E229-4524-B6B7-228A3129D1C7|EF105BC3-C064-45F1-AD53-6D8A8578D01B|EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C|F44BB2D0-F070-463E-9433-B0CCF3CFD627|5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E/i"; classtype:web-application-attack; reference:cve,2006-3638; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx; sid:2003079; rev:2;)



Topic revision: r1 - 2009-10-06 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats