# sid 2010039, rev 6: flags an HTTP response that embeds the AOL SuperBuddy ActiveX control
# (CLSID 189504B8-50D1-4AA8-B4D6-95C8F58A6414) and names its SetSuperBuddy method.
# Header: `alert http` with flow:from_server,established, so only server-to-client traffic on
#   an established session is inspected, and only when the server port is in $HTTP_PORTS.
# Matching: there is no file_data and no distance, so the three content strings may occur
#   anywhere in the payload, in any order. The pcre (flags s and i) then requires the CLSID
#   inside an <OBJECT ... classid=clsid:...> tag.
# content:"//" is two bytes found in almost any HTML page, so it adds little selectivity;
#   the CLSID and the method name carry the detection.
# NOTE(review): the "?" after SuperBuddy and ActiveX (in msg and in the metadata tag) looks
#   like a wiki rendering artifact; compare with the distributed rule before copying.
# NOTE(review): created_at 2010_07_30 is later than the earliest entry on this page
#   (Added 2009-10-06); treat the metadata dates as approximate.
# NOTE(review): this entry is rev:6 while the 2011 entries on this page are rev:13,
#   presumably separate rule-set branches with their own counters; confirm.
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Possible AOL SuperBuddy? ActiveX? Control Remote Code Execution Attempt"; flow:from_server,established; content:"189504B8-50D1-4AA8-B4D6-95C8F58A6414"; nocase; content:"SetSuperBuddy"; nocase; content:"//"; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*189504B8-50D1-4AA8-B4D6-95C8F58A6414/si"; reference:url,www.securityfocus.com/bid/36580/info; reference:url,www.securityfocus.com/archive/1/506889; reference:url,doc.emergingthreats.net/2010039; classtype:attempted-user; sid:2010039; rev:6; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag ActiveX?, signature_severity Major, created_at 2010_07_30, updated_at 2016_07_01;)

Added 2017-08-07 21:03:09 UTC


# sid 2010039, rev 13 (entry dated 2011-10-12): `alert tcp` form of the SuperBuddy ActiveX
# signature for server-to-client traffic from $HTTP_PORTS on established sessions.
# file_data points the following content matches at the HTTP response body, and distance:0
#   on each content makes it relative to the previous match, so the CLSID, then
#   SetSuperBuddy, then "//" must appear in that order.
# The order requirement trades some coverage for fewer false positives; content:"//" is
#   still a very common byte pair and contributes little on its own.
# The pcre has no R flag, so it is not relative to the preceding content match. It requires
#   the CLSID inside an <OBJECT ... classid=clsid:...> tag, case-insensitively.
# The detection options match the other rev:13 entries on this page; only the option order
#   differs (classtype follows the references here), and rev was not bumped for that.
# NOTE(review): the "?" after SuperBuddy and ActiveX in msg looks like a wiki rendering
#   artifact; compare with the distributed rule before copying.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Possible AOL SuperBuddy? ActiveX? Control Remote Code Execution Attempt"; flow:from_server,established; file_data; content:"189504B8-50D1-4AA8-B4D6-95C8F58A6414"; nocase; distance:0; content:"SetSuperBuddy"; nocase; distance:0; content:"//"; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*189504B8-50D1-4AA8-B4D6-95C8F58A6414/si"; reference:url,www.securityfocus.com/bid/36580/info; reference:url,www.securityfocus.com/archive/1/506889; reference:url,doc.emergingthreats.net/2010039; classtype:attempted-user; sid:2010039; rev:13;)

Added 2011-10-12 19:28:48 UTC


# sid 2010039, rev 13 (entry dated 2011-09-14): inspects the HTTP response body (file_data)
# for the SuperBuddy CLSID, then SetSuperBuddy, then "//", each chained with distance:0 so
# they must occur in that order. The pcre then confirms the CLSID sits in an <OBJECT> classid.
# This entry carries three references; the 2011-02-04 entry on this page also lists a cvsweb
#   URL. The detection options are the same in both, and rev stayed at 13.
# classtype:attempted-user marks this as a client-side attempt; the alert reports that the
#   markup was served, not that the control was installed or that the call succeeded.
# NOTE(review): the "?" after SuperBuddy and ActiveX in msg looks like a wiki rendering
#   artifact; compare with the distributed rule before copying.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Possible AOL SuperBuddy? ActiveX? Control Remote Code Execution Attempt"; flow:from_server,established; file_data; content:"189504B8-50D1-4AA8-B4D6-95C8F58A6414"; nocase; distance:0; content:"SetSuperBuddy"; nocase; distance:0; content:"//"; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*189504B8-50D1-4AA8-B4D6-95C8F58A6414/si"; classtype:attempted-user; reference:url,www.securityfocus.com/bid/36580/info; reference:url,www.securityfocus.com/archive/1/506889; reference:url,doc.emergingthreats.net/2010039; sid:2010039; rev:13;)

Added 2011-09-14 22:42:06 UTC


# sid 2010039, rev 13 (entry dated 2011-02-04): the oldest entry on this page to use
# file_data and distance:0 on every content, and the first filed under "ET ACTIVEX" (the
# 2009 entries use "ET WEB_ACTIVEX").
# Compared with the rev:2 entries on this page, the leading content:"clsid" is gone and the
#   remaining three strings are chained in order within the response body.
# The pcre is unchanged from the earlier revisions: a case-insensitive match for an
#   <OBJECT ... classid=clsid:{CLSID}> tag, with optional quotes and brace.
# The fourth reference points at a cvsweb path for the signature source.
# NOTE(review): the "?" after SuperBuddy and ActiveX in msg looks like a wiki rendering
#   artifact; compare with the distributed rule before copying.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Possible AOL SuperBuddy? ActiveX? Control Remote Code Execution Attempt"; flow:from_server,established; file_data; content:"189504B8-50D1-4AA8-B4D6-95C8F58A6414"; nocase; distance:0; content:"SetSuperBuddy"; nocase; distance:0; content:"//"; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*189504B8-50D1-4AA8-B4D6-95C8F58A6414/si"; classtype:attempted-user; reference:url,www.securityfocus.com/bid/36580/info; reference:url,www.securityfocus.com/archive/1/506889; reference:url,doc.emergingthreats.net/2010039; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_AOL; sid:2010039; rev:2;)

Added 2011-02-04 17:29:29 UTC


# sid 2010039, rev 2 (entry dated 2009-10-12), category "ET WEB_ACTIVEX".
# Matching: content:"clsid" first, then the CLSID anywhere after it (distance:0).
#   SetSuperBuddy and "//" have no distance, so they may appear anywhere in the payload.
# There is no file_data, so the strings are matched against the payload as the engine
#   presents it.
# NOTE(review): a compressed or otherwise encoded response body may not be decoded before
#   these matches run; confirm against the sensor's HTTP normalisation settings.
# The pcre requires the CLSID inside an <OBJECT ... classid=clsid:...> tag. Flag i makes it
#   case-insensitive and flag s lets "." span newlines.
# NOTE(review): the "?" after SuperBuddy and ActiveX in msg looks like a wiki rendering
#   artifact; compare with the distributed rule before copying.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX Possible AOL SuperBuddy? ActiveX? Control Remote Code Execution Attempt"; flow:from_server,established; content:"clsid"; nocase; content:"189504B8-50D1-4AA8-B4D6-95C8F58A6414"; nocase; distance:0; content:"SetSuperBuddy"; nocase; content:"//"; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*189504B8-50D1-4AA8-B4D6-95C8F58A6414/si"; classtype:attempted-user; reference:url,www.securityfocus.com/bid/36580/info; reference:url,www.securityfocus.com/archive/1/506889; reference:url,doc.emergingthreats.net/2010039; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_AOL; sid:2010039; rev:2;)

Added 2009-10-12 20:45:37 UTC


# sid 2010039, rev 2: this entry repeats the preceding one on the page, with the same rule
# text and the same "Added 2009-10-12 20:45:37 UTC" stamp, so it reads as a duplicate
# history record.
# Only the CLSID is position-constrained: it must follow the "clsid" string (distance:0).
#   SetSuperBuddy and "//" are free-floating, and the pcre is evaluated independently
#   because it has no R flag.
# Scope comes from the header: responses from $EXTERNAL_NET servers on $HTTP_PORTS to
#   $HOME_NET clients. HTTP served from a port outside $HTTP_PORTS is not inspected.
# NOTE(review): the "?" after SuperBuddy and ActiveX in msg looks like a wiki rendering
#   artifact; compare with the distributed rule before copying.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX Possible AOL SuperBuddy? ActiveX? Control Remote Code Execution Attempt"; flow:from_server,established; content:"clsid"; nocase; content:"189504B8-50D1-4AA8-B4D6-95C8F58A6414"; nocase; distance:0; content:"SetSuperBuddy"; nocase; content:"//"; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*189504B8-50D1-4AA8-B4D6-95C8F58A6414/si"; classtype:attempted-user; reference:url,www.securityfocus.com/bid/36580/info; reference:url,www.securityfocus.com/archive/1/506889; reference:url,doc.emergingthreats.net/2010039; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_AOL; sid:2010039; rev:2;)

Added 2009-10-12 20:45:37 UTC


# sid 2010039, rev 1 (entry dated 2009-10-06): the earliest revision shown on this page.
# The detection options are the same as in the rev:2 entries: "clsid", then the SuperBuddy
#   CLSID after it, plus SetSuperBuddy and "//" anywhere, then the <OBJECT classid> pcre.
# Only the two securityfocus references are present (BID 36580 and the archive post); the
#   later revisions add the doc.emergingthreats.net and cvsweb links.
# content:"//" is a very common byte pair and adds little selectivity.
# NOTE(review): the "?" after SuperBuddy and ActiveX in msg looks like a wiki rendering
#   artifact; compare with the distributed rule before copying.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX Possible AOL SuperBuddy? ActiveX? Control Remote Code Execution Attempt"; flow:from_server,established; content:"clsid"; nocase; content:"189504B8-50D1-4AA8-B4D6-95C8F58A6414"; nocase; distance:0; content:"SetSuperBuddy"; nocase; content:"//"; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*189504B8-50D1-4AA8-B4D6-95C8F58A6414/si"; classtype:attempted-user; reference:url,www.securityfocus.com/bid/36580/info; reference:url,www.securityfocus.com/archive/1/506889; sid:2010039; rev:1;)

Added 2009-10-06 09:30:38 UTC

