alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Yahoo! Music Jukebox (DataGrid?) 2.2 AddImage?() ActiveX? BOF"; flow:to_client,established; content:"clsid"; nocase; content:"5F810AFC-BB5F-4416-BE63-E01DD117BD6C"; nocase; content:"0x40000"; pcre:"/(AddImage?|AddButton)/i"; reference:bugtraq,27590; reference:url,www.milw0rm.com/exploits/5048; reference:url,www.milw0rm.com/exploits/5046; reference:url,www.milw0rm.com/exploits/5051; classtype:web-application-attack; sid:2007812; rev:1;)

Added 2008-02-06 10:03:30 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Yahoo! Music Jukebox (DataGrid?) 2.2 AddImage?() ActiveX? BOF"; flow:to_client,established; content:"clsid"; nocase; content:"5F810AFC-BB5F-4416-BE63-E01DD117BD6C"; nocase; content:"0x40000"; pcre:"/(AddImage?|AddButton)/i"; reference:bugtraq,27590; reference:url,www.milw0rm.com/exploits/5048; reference:url,www.milw0rm.com/exploits/5046; reference:url,www.milw0rm.com/exploits/5051; classtype:web-application-attack; sid:2007812; rev:1;)

Added 2008-02-06 10:03:30 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Facebook ActiveX? CLSID in Use"; flow:from_server,established; content:"CLSID"; nocase; content:"5C6698D9-7BE4-4122-8EC5-291D84DBD4A0"; nocase; distance:0; within:40; reference:url,isc.sans.org/diary.html?storyid=3929; classtype:web-application-attack; sid:2007812; rev:1;)

Added 2008-02-05 13:50:04 UTC


Topic revision: r1 - 2008-02-06 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats