alert tcp $EXTERNAL_NET any -> $HOME_NET 1024: (msg:"ET CURRENT_EVENTS Adobe PDF with Flash content, Possible 0-day exploit"; flow:to_client,established; content:"/EmbeddedFiles"; nocase; content:"/RichMediaContent"; nocase; distance:0; content:".swf"; nocase; distance:0; pcre:"/\(.*\.swf\)/i"; classtype:web-application-attack; reference:url,www.sophos.com/blogs/sophoslabs//?p=5524; reference:url,doc.emergingthreats.net/2009686; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Adobe; sid:2009686; rev:2;)

Added 2009-07-25 16:01:23 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 1024: (msg:"ET CURRENT_EVENTS Adobe PDF with Flash content, Possible 0-day exploit"; flow:to_client,established; content:"/EmbeddedFiles"; nocase; content:"/RichMediaContent"; nocase; distance:0; content:".swf"; nocase; distance:0; pcre:"/\(.*\.swf\)/i"; classtype:web-application-attack; reference:url,www.sophos.com/blogs/sophoslabs//?p=5524; reference:url,doc.emergingthreats.net/2009686; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Adobe; sid:2009686; rev:2;)

Added 2009-07-25 16:01:23 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 1024: (msg:"ET CURRENT_EVENTS Adobe PDF with Flash content, Possible 0-day exploit"; flow:to_client,established; content:"/EmbeddedFiles"; nocase; content:"/RichMediaContent"; nocase; distance:0; content:".swf"; nocase; distance:0; pcre:"/\(.*\.swf\)/i"; classtype:web-application-attack; reference:url,www.sophos.com/blogs/sophoslabs//?p=5524; sid:2009686; rev:1;)

Added 2009-07-24 10:00:39 UTC


Topic revision: r1 - 2009-07-25 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats