alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Cisco Secure Desktop Vulnerable CSLID Access Attempt . Possible Code Execution Attempt"; flow:established,to_client; content:"clsid"; nocase; content:"705EC6D4-B138-4079-A307-EF13E4889A82"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*705EC6D4-B138-4079-A307-EF13E4889A82/si"; classtype:attempted-user; reference:url, www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml; reference:cve, 2010-0589; reference:url,doc.emergingthreats.net/2011043; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Cisco; sid:2011043; rev:3;)

Added 2010-04-21 08:31:00 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Cisco Secure Desktop Vulnerable CSLID Access Attempt . Possible Code Execution Attempt"; flow:established,to_client; content:"clsid"; nocase; content:"705EC6D4-B138-4079-A307-EF13E4889A82"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*705EC6D4-B138-4079-A307-EF13E4889A82/si"; classtype:attempted-user; reference:url, www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml; reference:cve, 2010-0589; reference:url,doc.emergingthreats.net/2011043; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Cisco; sid:2011043; rev:3;)

Added 2010-04-21 08:31:00 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Cisco Secure Desktop Vulnerable CSLID Access Attempt . Possible Code Execution Attempt"; flow:established,to_client; content:"clsid"; nocase; content:"B44D252D705EC6D4-B138-4079-A307-EF13E4889A82"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*705EC6D4-B138-4079-A307-EF13E4889A82/si"; classtype:attempted-user; reference:url, www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml; reference:cve, 2010-0589; reference:url,doc.emergingthreats.net/2011043; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Cisco; sid:2011043; rev:2;)

Added 2010-04-19 15:38:39 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Cisco Secure Desktop Vulnerable CSLID Access Attempt . Possible Code Execution Attempt"; flow:established,to_client; content:"clsid"; nocase; content:"B44D252D705EC6D4-B138-4079-A307-EF13E4889A82"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*705EC6D4-B138-4079-A307-EF13E4889A82/si"; classtype:attempted-user; reference:url, www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml; reference:cve, 2010-0589; reference:url,doc.emergingthreats.net/2011043; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Cisco; sid:2011043; rev:2;)

Added 2010-04-19 15:38:39 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Cisco Secure Desktop Vulnerable CSLID Access Attempt . Possible Code Execution Attempt"; flow:established,to_client; content:"clsid"; nocase; content:"B44D252D705EC6D4-B138-4079-A307-EF13E4889A82"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*705EC6D4-B138-4079-A307-EF13E4889A82/si"; classtype:attempted-user; reference:url, www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml; reference:cve, 2010-0589; sid:2011043; rev:1;)

Added 2010-04-16 10:15:59 UTC


Topic revision: r1 - 2010-04-21 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats