alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS FaceBook? PhotoUploader? Buffer Overflow Exploit"; flow:to_client,established; content:"clsid"; nocase; content:"5C6698D9-7BE4-4122-8EC5-291D84DBD4A0"; nocase; pcre:"/(ExtractIptc?|ExtractExif|FileMask)/i"; classtype:web-application-attack; reference:url,www.milw0rm.com/exploits/5049; reference:url,www.milw0rm.com/exploits/5102; reference:bugtraq,27576; reference:url,isc.sans.org/diary.html?storyid=3929; sid:2007817; rev:2;)

Added 2008-02-13 18:04:48 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS FaceBook? PhotoUploader? Buffer Overflow Exploit"; flow:to_client,established; content:"clsid"; nocase; content:"5C6698D9-7BE4-4122-8EC5-291D84DBD4A0"; nocase; pcre:"/(ExtractIptc?|ExtractExif|FileMask)/i"; classtype:web-application-attack; reference:url,www.milw0rm.com/exploits/5049; reference:url,www.milw0rm.com/exploits/5102; reference:bugtraq,27576; reference:url,isc.sans.org/diary.html?storyid=3929; sid:2007817; rev:2;)

Added 2008-02-13 18:04:48 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS FaceBook? PhotoUploader? Buffer Overflow Exploit"; flow:to_client,established; content:"clsid"; nocase; content:"5C6698D9-7BE4-4122-8EC5-291D84DBD4A0"; nocase; content:"%u6950%u74C9"; pcre:"/(ExtractIptc?|ExtractExif)/i"; classtype:web-application-attack; reference:url,www.milw0rm.com/exploits/5049; reference:bugtraq,27576; reference:url,isc.sans.org/diary.html?storyid=3929; sid:2007817; rev:1;)

Added 2008-02-06 10:03:30 UTC


Topic revision: r1 - 2008-02-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats