alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX J-Integra Remote Code Execution"; flow:established,to_client; content:"clsid"; nocase; content:"F21507A7-530F-4A89-8FE4-9D989670FD2C"; nocase; distance:0; pcre:"/<object\s*[^>]*\s*classid\s*=\s*(\x22|\x27)\s*clsid\s*\x3a\s*{?\s*F21507A7-530F-4A89-8FE4-9D989670FD2C\s*}?\s*(.*)(\s|)/si"; pcre:"/\x2e[RemoveAccessPermission|AddLaunchPermission|AddAccessPermission|RemoveLaunchPermission]/"; reference:url,www.exploit-db.com/exploits/15648; classtype:attempted-user; sid:2012095; rev:3; metadata:created_at 2010_12_23, updated_at 2010_12_23;)

Added 2017-08-07 21:05:10 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX J-Integra Remote Code Execution"; flow:established,to_client; content:"clsid"; nocase; content:"F21507A7-530F-4A89-8FE4-9D989670FD2C"; nocase; distance:0; pcre:"/<object\s*[^>]*\s*classid\s*=\s*(\x22|\x27)\s*clsid\s*\x3a\s*{?\s*F21507A7-530F-4A89-8FE4-9D989670FD2C\s*}?\s*(.*)(\s|)/si"; pcre:"/\x2e[RemoveAccessPermission|AddLaunchPermission|AddAccessPermission|RemoveLaunchPermission]/"; reference:url,www.exploit-db.com/exploits/15648; classtype:attempted-user; sid:2012095; rev:3;)

Added 2014-12-05 18:20:52 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats