#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Microsoft Internet Explorer Dynamic Object Tag Information Disclosure Attempt"; flow:established,to_client; content:"file|3A|//127.0.0.1"; nocase; content:"text/html"; nocase; within:100; classtype:attempted-user; reference:url,www.coresecurity.com/content/internet-explorer-dynamic-object-tag; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=19873; reference:url,www.microsoft.com/technet/security/advisory/980088.mspx; reference:cve,2010-0255; reference:url,doc.emergingthreats.net/2010769; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_MSIE; sid:2010769; rev:4;)

Added 2010-02-08 10:25:55 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Microsoft Internet Explorer Dynamic Object Tag Information Disclosure Attempt"; flow:established,to_client; content:"file|3A|//127.0.0.1"; nocase; content:"text/html"; nocase; within:100; classtype:attempted-user; reference:url,www.coresecurity.com/content/internet-explorer-dynamic-object-tag; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=19873; reference:url,www.microsoft.com/technet/security/advisory/980088.mspx; reference:cve,2010-0255; reference:url,doc.emergingthreats.net/2010769; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_MSIE; sid:2010769; rev:4;)

Added 2010-02-08 10:25:55 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Microsoft Internet Explorer Dynamic Object Tag Information Disclosure Attempt"; flow:established,to_client; content:"file|3A|//127.0.0.1"; nocase; content:"text/html"; nocase; within:100; classtype:attempted-user; reference:url,www.coresecurity.com/content/internet-explorer-dynamic-object-tag; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=19873; reference:url,www.microsoft.com/technet/security/advisory/980088.mspx; reference:cve,2010-0255; sid:2010769; rev:3;)

Added 2010-02-08 09:46:10 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Microsoft Internet Explorer Dynamic Object Tag Information Disclosure Attempt"; flow:established,to_client; content:"file|3A|//127.0.0.1"; nocase; content:"text/html"; nocase; within:100; classtype:attempted-user; reference:url,www.coresecurity.com/content/internet-explorer-dynamic-object-tag; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=19873; reference:url,www.microsoft.com/technet/security/advisory/980088.mspx; reference:cve,2010-0255; sid:2010769; rev:3;)

Added 2010-02-08 09:46:10 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Microsoft Internet Explorer Dynamic Object Tag Information Disclosure Attempt"; flow:established,to_client; content:"document.createElement"; nocase; content:"file|3A|//"; nocase; within:100; content:"text/html"; nocase; distance:0; content:"document.body.appendChild"; nocase; classtype:attempted-recon; reference:url,www.coresecurity.com/content/internet-explorer-dynamic-object-tag; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=19873; reference:cve,2010-0255; sid:2010769; rev:1;)

Added 2010-02-05 09:31:11 UTC


Topic revision: r1 - 2010-02-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats