alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Comodo AntiVirus? 2.0 ExecuteStr?() Remote Command Execution Vulnerability"; flow:to_client,established; content:"clsid"; nocase; content:"309F674D-E4D3-46BD-B9E2-ED7DFD7FD176"; nocase; content:"ExecuteStr"; pcre:"/.*\.(exe|bat|ftp)/i";reference:cve,CVE-2008-0470; reference:bugtraq,27424; reference:url,www.milw0rm.com/exploits/4974; classtype:web-application-attack; sid:2007887; rev:1;)

Added 2008-02-27 12:14:31 UTC


Topic revision: r1 - 2008-02-27 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats