alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT Microsoft SRV2.SYS SMB Negotiate ProcessID? Function Table Dereference (CVE-2009-3103)"; flow:to_server,established; content:"|FF 53 4d 42 72|"; offset:4; depth:5; content:"|00 26|"; distance:7; within:2; reference:url,www.exploit-db.com/exploits/14674/; reference:url,www.microsoft.com/technet/security/bulletin/ms09-050.mspx; reference:cve,2009-3103; classtype:attempted-user; sid:2012063; rev:3;)

Added 2017-06-30 16:28:38 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT Microsoft SRV2.SYS SMB Negotiate ProcessID? Function Table Dereference (CVE-2009-3103)"; flow:to_server,established; content:"|FF 53 4d 42 72|"; offset:4; depth:5; content:"|00 26|"; distance:7; within:2; reference:url,www.exploit-db.com/exploits/14674/; reference:url,www.microsoft.com/technet/security/bulletin/ms09-050.mspx; reference:cve,2009-3103; classtype:attempted-user; sid:2012063; rev:3;)

Added 2017-06-30 16:22:44 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT Microsoft SRV2.SYS SMB Negotiate ProcessID? Function Table Dereference (CVE-2009-3103)"; flow:to_server,established; content:"|FF 53 4d 42 72|"; offset:4; depth:5; content:!"|00 00|"; distance:7; within:2; reference:url,www.exploit-db.com/exploits/14674/; reference:url,www.microsoft.com/technet/security/bulletin/ms09-050.mspx; reference:cve,2009-3103; classtype:attempted-user; sid:2012063; rev:2;)

Added 2017-06-27 18:46:15 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET NETBIOS Microsoft SRV2.SYS SMB Negotiate ProcessID? Function Table Dereference"; flow:to_server,established; content:"|FF 53 4d 42 72|"; offset:4; depth:5; content:!"|00 00|"; distance:7; within:2; reference:url,www.exploit-db.com/exploits/14674/; reference:url,www.microsoft.com/technet/security/bulletin/ms09-050.mspx; reference:cve,2009-3103; classtype:attempted-user; sid:2012063; rev:1;)

Added 2011-10-12 19:33:23 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET NETBIOS Microsoft SRV2.SYS SMB Negotiate ProcessID? Function Table Dereference"; flow:to_server,established; content:"|FF 53 4d 42 72|"; offset:4; depth:5; content:!"|00 00|"; distance:7; within:2; classtype: attempted-user; reference:url,www.exploit-db.com/exploits/14674/; reference:url,www.microsoft.com/technet/security/bulletin/ms09-050.mspx; reference:cve,2009-3103; sid:2012063; rev:1;)

Added 2011-02-04 17:31:55 UTC


Topic revision: r1 - 2017-06-30 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats