# sid:2008876 rev:4 - alerts on established server-to-client TCP traffic
# ($EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any, flow:from_server) whose payload
# contains the content string below, compared case-insensitively (nocase).
# Compared with the rev:3 entries on this page, this revision adds two
# emergingthreats.net reference URLs.
# NOTE(review): the content string shown here stops at document.write(' - the
# rev:3 copy on this page that kept its markup reads document.write('<XML ID=I>,
# so the tag was probably stripped when the page was rendered. Confirm against
# the distributed ruleset before deploying; a bare document.write(' match would
# presumably alert on a large share of ordinary web pages.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible XML 0-day for Internet Explorer Exploitation Attempt"; flow:established,from_server; content:"document.write('"; nocase; classtype:web-application-attack; reference:url,isc.sans.org/diary.html?storyid=5458; reference:url,doc.emergingthreats.net/bin/view/Main/2008876; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_IE_0Day; sid:2008876; rev:4;)

Added 2009-02-06 19:00:54 UTC


# sid:2008876 rev:4 (second copy on this page, same "Added" timestamp as the
# entry above it) - matches the content string in established server responses
# sent from $EXTERNAL_NET on $HTTP_PORTS to any port on $HOME_NET.
# NOTE(review): content appears cut off after document.write(' ; the intact
# rev:3 entry on this page shows document.write('<XML ID=I> - verify the full
# pattern before use, as the shortened one is far less specific.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible XML 0-day for Internet Explorer Exploitation Attempt"; flow:established,from_server; content:"document.write('"; nocase; classtype:web-application-attack; reference:url,isc.sans.org/diary.html?storyid=5458; reference:url,doc.emergingthreats.net/bin/view/Main/2008876; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_IE_0Day; sid:2008876; rev:4;)

Added 2009-02-06 19:00:54 UTC


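# sid:2008876 rev:3 - alerts when an established HTTP server response
# ($EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any, flow:from_server) contains
# document.write('<XML ID=I> in any letter case (nocase).
# The rule is kept on a single line: the page had wrapped it inside the msg
# string and between options, and a rule split by bare newlines does not parse.
# NOTE(review): this is a plain payload content match, so it only sees the
# string as it appears on the wire; responses that are compressed or that build
# the markup differently would need additional coverage - confirm against the
# sensor's HTTP normalization settings.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible XML 0-day for Internet Explorer Exploitation Attempt"; flow:established,from_server; content:"document.write('<XML ID=I>"; nocase; classtype:web-application-attack; reference:url,isc.sans.org/diary.html?storyid=5458; sid:2008876; rev:3;)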

Added 2008-12-10 14:56:28 UTC


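# sid:2008876 rev:3 - alerts when an established HTTP server response
# ($EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any, flow:from_server) contains
# document.write('<XML ID=I> in any letter case (nocase).
# The content string is restored to document.write('<XML ID=I>, as in the other
# rev:3 entry on this page with the same "Added" timestamp; this copy had lost
# the <XML ID=I> tag, leaving a pattern that would match any page calling
# document.write with a single-quoted argument.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible XML 0-day for Internet Explorer Exploitation Attempt"; flow:established,from_server; content:"document.write('<XML ID=I>"; nocase; classtype:web-application-attack; reference:url,isc.sans.org/diary.html?storyid=5458; sid:2008876; rev:3;)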

Added 2008-12-10 14:56:28 UTC


# sid:2008876 rev:2 - same msg, classtype and reference as rev:3, but with
# $HTTP_PORTS on the destination side ($EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS)
# while flow is established,from_server.
# NOTE(review): the header describes traffic arriving at internal HTTP ports,
# whereas from_server limits matching to server responses, so this revision
# would presumably seldom see pages delivered to internal browsers; rev:3 on
# this page moves $HTTP_PORTS to the source side.
# NOTE(review): content shown as document.write(' looks truncated by page
# rendering (the intact rev:3 entry reads document.write('<XML ID=I>) - confirm.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible XML 0-day for Internet Explorer Exploitation Attempt"; flow:established,from_server; content:"document.write('"; nocase; classtype:web-application-attack; reference:url,isc.sans.org/diary.html?storyid=5458; sid:2008876; rev:2;)

Added 2008-12-10 14:45:24 UTC


# sid:2008876 rev:2 (second copy on this page, same "Added" timestamp) -
# flow:established,from_server combined with a header whose destination is
# $HOME_NET on $HTTP_PORTS.
# NOTE(review): direction keyword and port placement look inconsistent here;
# the rev:3 entries on this page use $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any.
# NOTE(review): content appears cut off after document.write(' - the intact
# rev:3 entry shows document.write('<XML ID=I>; verify before relying on it.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible XML 0-day for Internet Explorer Exploitation Attempt"; flow:established,from_server; content:"document.write('"; nocase; classtype:web-application-attack; reference:url,isc.sans.org/diary.html?storyid=5458; sid:2008876; rev:2;)

Added 2008-12-10 14:45:24 UTC


# sid:2008876 rev:1 - earliest revision listed: inspects established
# client-to-server traffic (flow:to_server) from $EXTERNAL_NET to $HOME_NET on
# $HTTP_PORTS for the content string below (nocase).
# NOTE(review): that is the request direction toward internal web servers,
# while the msg concerns Internet Explorer exploitation, i.e. content delivered
# to a browser; rev:2 on this page switches the flow keyword to from_server and
# rev:3 moves $HTTP_PORTS to the source side.
# NOTE(review): content shown as document.write(' looks truncated by page
# rendering (the intact rev:3 entry reads document.write('<XML ID=I>) - confirm.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible XML 0-day for Internet Explorer Exploitation Attempt"; flow:established,to_server; content:"document.write('"; nocase; classtype:web-application-attack; reference:url,isc.sans.org/diary.html?storyid=5458; sid:2008876; rev:1;)

Added 2008-12-10 13:15:24 UTC


Topic revision: r2 - 2008-12-17 - MattJonkman
 