alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Microsoft Office Data Structure Corruption (unpatched)"; flow:established,to_client; content:"|CF 11 E0 A1 B1 1A E1|"; content:"|00 00 00|"; distance:617; within:3; byte_test:4,>,1677215,0,relative,little; classtype:bad-unknown; sid:2003212; rev:3;)

Added 2008-01-25 10:56:38 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Microsoft Office Data Structure Corruption (unpatched)"; flow:established,to_client; content:"|CF 11 E0 A1 B1 1A E1|"; content:"|00 00 00|"; distance:617; within:3; byte_test:4,>,1677215,0,relative,little; classtype:bad-unknown; sid:2003212; rev:3;)

Added 2008-01-25 10:56:38 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE EXPLOIT Microsoft Office Data Structure Corruption (unpatched)"; flow:established,to_client; content:"|CF 11 E0 A1 B1 1A E1|"; content:"|00 00 00|"; distance:617; within:3; byte_test:4,>,1677215,0,relative,little; sid:2003212; rev:1;)



Topic revision: r1 - 2008-01-25 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats