alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Office Web Components ActiveX? Vulnerability KB973472, xeye.us variant"; flow:to_client,established; content:"ActiveXObject"; nocase; content:"OWC10.Spreadsheet"; nocase; distance:0; content:"msDataSourceObject"; nocase; distance:0; reference:url,microsoft.com/technet/security/advisory/973472.mspx; reference:url,xeye.us/blog/2009/07/one-0day/;classtype:web-application-attack; reference:url,doc.emergingthreats.net/2009585; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_IE_Office_Web; sid:2009585; rev:2;)

Added 2009-07-16 11:30:35 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Office Web Components ActiveX? Vulnerability KB973472, xeye.us variant"; flow:to_client,established; content:"ActiveXObject"; nocase; content:"OWC10.Spreadsheet"; nocase; distance:0; content:"msDataSourceObject"; nocase; distance:0; reference:url,microsoft.com/technet/security/advisory/973472.mspx; reference:url,xeye.us/blog/2009/07/one-0day/;classtype:web-application-attack; reference:url,doc.emergingthreats.net/2009585; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_IE_Office_Web; sid:2009585; rev:2;)

Added 2009-07-16 11:30:35 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Office Web Components ActiveX? Vulnerability KB973472, xeye.us variant"; flow:to_client,established; content:"ActiveXObject"; nocase; content:"OWC10.Spreadsheet"; nocase; distance:0; content:"msDataSourceObject"; nocase; distance:0; reference:url,microsoft.com/technet/security/advisory/973472.mspx; reference:url,xeye.us/blog/2009/07/one-0day/;classtype:web-application-attack; sid:2009585; rev:1;)

Added 2009-07-15 09:00:37 UTC


Topic revision: r1 - 2009-07-16 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats