# sid:2010199 rev:2 - alerts on HTTP responses that carry markup for the Symantec
# AppStream LaunchObj ActiveX control (CLSID 3356DB7C-58A7-11D4-AA5C-006097314BF8)
# together with the string "installAppMgr".
# Direction: $EXTERNAL_NET:$HTTP_PORTS -> $HOME_NET with flow:established,to_client,
# so only server-to-client traffic on an established session is inspected.
# Match logic: "clsid", then the CLSID after it (distance:0), then "installAppMgr"
# with no relative modifier (anywhere in the payload), then a pcre confirming the
# CLSID sits in an <OBJECT ... classid=...> attribute (quote and "{" optional, /si).
# Triage: an alert shows the markup was delivered to a client; the rule says nothing
# about whether the control was installed there. Background is in the CERT VU#194505
# and OSVDB 51410 references.
# NOTE(review): no HTTP/file-data buffer keyword is used; whether compressed or
# chunked response bodies are inspected depends on sensor preprocessing - confirm.
# NOTE(review): the "?" after AppStream, LaunchObj and ActiveX in msg looks like
# wiki WikiWord rendering residue - check the distributed rule before copying.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Symantec AppStream? LaunchObj? ActiveX? arbitrary code download and execution"; flow:established,to_client; content:"clsid"; nocase; content:"3356DB7C-58A7-11D4-AA5C-006097314BF8"; nocase; distance:0; content:"installAppMgr"; nocase; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*3356DB7C-58A7-11D4-AA5C-006097314BF8/si"; classtype:web-application-attack; reference:url,www.kb.cert.org/vuls/id/194505; reference:url,osvdb.org/51410; reference:url,doc.emergingthreats.net/2010199; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Symantec; sid:2010199; rev:2;)

Added 2009-11-02 20:30:42 UTC


# sid:2010199 rev:2 - server-to-client rule (flow:established,to_client, source
# $EXTERNAL_NET on $HTTP_PORTS) for pages that reference the ActiveX control with
# CLSID 3356DB7C-58A7-11D4-AA5C-006097314BF8 and contain "installAppMgr".
# All matches are case-insensitive. The CLSID content must follow "clsid"
# (distance:0). "installAppMgr" has no relative modifier, so it may appear
# anywhere in the inspected payload.
# The pcre narrows the hit to an <OBJECT> tag whose classid attribute holds the
# CLSID, with an optional quote (\x22 or \x27) and optional "{" (\x7B).
# NOTE(review): the "?" characters inside msg appear to be wiki rendering residue
# after CamelCase words, not rule text - verify against the published ruleset.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Symantec AppStream? LaunchObj? ActiveX? arbitrary code download and execution"; flow:established,to_client; content:"clsid"; nocase; content:"3356DB7C-58A7-11D4-AA5C-006097314BF8"; nocase; distance:0; content:"installAppMgr"; nocase; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*3356DB7C-58A7-11D4-AA5C-006097314BF8/si"; classtype:web-application-attack; reference:url,www.kb.cert.org/vuls/id/194505; reference:url,osvdb.org/51410; reference:url,doc.emergingthreats.net/2010199; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Symantec; sid:2010199; rev:2;)

Added 2009-11-02 20:30:42 UTC


# sid:2010199 rev:2 - classtype web-application-attack; fires on established
# to_client traffic from $EXTERNAL_NET $HTTP_PORTS into $HOME_NET.
# Conditions, all nocase: "clsid"; CLSID 3356DB7C-58A7-11D4-AA5C-006097314BF8
# after it (distance:0); "installAppMgr" anywhere in the payload; and a pcre
# requiring <OBJECT ... classid = clsid:[{]CLSID with flexible whitespace and
# quoting.
# The pcre checks only the <OBJECT>/classid form. It does not tie "installAppMgr"
# to that tag, so treat an alert as "control markup plus the string were both
# present in the response".
# NOTE(review): msg contains "?" after AppStream/LaunchObj/ActiveX, which looks
# like wiki markup residue - confirm before reuse.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Symantec AppStream? LaunchObj? ActiveX? arbitrary code download and execution"; flow:established,to_client; content:"clsid"; nocase; content:"3356DB7C-58A7-11D4-AA5C-006097314BF8"; nocase; distance:0; content:"installAppMgr"; nocase; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*3356DB7C-58A7-11D4-AA5C-006097314BF8/si"; classtype:web-application-attack; reference:url,www.kb.cert.org/vuls/id/194505; reference:url,osvdb.org/51410; reference:url,doc.emergingthreats.net/2010199; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Symantec; sid:2010199; rev:2;)

Added 2009-11-02 20:26:38 UTC


# sid:2010199 rev:2 - detects web responses (to_client, established) that embed
# the ActiveX control identified by CLSID 3356DB7C-58A7-11D4-AA5C-006097314BF8
# via an <OBJECT classid=...> tag and that also contain "installAppMgr".
# The two leading content matches are ordered: "clsid" first, then the CLSID
# relative to it (distance:0). "installAppMgr" is unanchored. The pcre runs with
# /s and /i, so the attribute may span lines and is case-insensitive.
# References in the rule point to CERT VU#194505 and OSVDB 51410 for background.
# NOTE(review): no buffer-selection keyword is present; coverage of encoded
# response bodies depends on the sensor's HTTP normalisation - confirm per engine.
# NOTE(review): "?" in msg after CamelCase words is likely wiki residue - verify.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Symantec AppStream? LaunchObj? ActiveX? arbitrary code download and execution"; flow:established,to_client; content:"clsid"; nocase; content:"3356DB7C-58A7-11D4-AA5C-006097314BF8"; nocase; distance:0; content:"installAppMgr"; nocase; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*3356DB7C-58A7-11D4-AA5C-006097314BF8/si"; classtype:web-application-attack; reference:url,www.kb.cert.org/vuls/id/194505; reference:url,osvdb.org/51410; reference:url,doc.emergingthreats.net/2010199; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Symantec; sid:2010199; rev:2;)

Added 2009-11-02 20:26:38 UTC


# sid:2010199 rev:1 - this listing carries only the CERT (VU#194505) and OSVDB
# (51410) references.
# Scope: established to_client traffic from $EXTERNAL_NET $HTTP_PORTS to $HOME_NET.
# Conditions, all nocase: "clsid", followed (distance:0) by CLSID
# 3356DB7C-58A7-11D4-AA5C-006097314BF8; "installAppMgr" anywhere in the payload;
# and a pcre requiring the CLSID inside an <OBJECT ... classid=...> attribute
# (optional quote and "{", flags /si).
# Triage: a hit shows the control markup was served to a client; it does not show
# that the control was present or invoked on that client.
# NOTE(review): the "?" after AppStream, LaunchObj and ActiveX in msg looks like
# wiki WikiWord rendering residue - check the distributed rule before copying.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Symantec AppStream? LaunchObj? ActiveX? arbitrary code download and execution"; flow:established,to_client; content:"clsid"; nocase; content:"3356DB7C-58A7-11D4-AA5C-006097314BF8"; nocase; distance:0; content:"installAppMgr"; nocase; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*3356DB7C-58A7-11D4-AA5C-006097314BF8/si"; classtype:web-application-attack; reference:url,www.kb.cert.org/vuls/id/194505; reference:url,osvdb.org/51410; sid:2010199; rev:1;)

Added 2009-10-27 16:15:40 UTC

