alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Microsoft Windows Common Control Library Heap Buffer Overflow"; flow:established,from_server; content:"Content-Type|3a| image/svg|2b|xml"; nocase; file_data; content:"|3c|svg xmlns="; nocase; distance:0; content:"style|3d 22|fill|3a 20 23|ffffff|22|"; nocase; distance:0; content:"transform"; nocase; distance:0; pcre:"/^=\s*\x22\s*[^\s\x22\x28]{1000}/iR"; reference:bugtraq,43717; reference:url,www.microsoft.com/technet/security/bulletin/MS10-081.mspx; classtype:attempted-admin; sid:2012174; rev:9; metadata:created_at 2011_01_12, updated_at 2011_01_12;)

Added 2017-08-07 21:05:16 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Microsoft Windows Common Control Library Heap Buffer Overflow"; flow:established,from_server; content:"Content-Type|3a| image/svg|2b|xml"; http_header; file_data; content:"|3c|svg xmlns="; distance:0; content:"style|3d 22|fill|3a 20 23|ffffff|22|"; distance:0; content:"transform"; distance:0; pcre:"/^=\s*\x22\s*[^\s\x22\x28]{1000}/iR"; reference:bugtraq,43717; reference:url,www.microsoft.com/technet/security/bulletin/MS10-081.mspx; classtype:attempted-admin; sid:2012174; rev:5;)

Added 2012-03-01 19:55:07 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Microsoft Windows Common Control Library Heap Buffer Overflow"; flow:established,from_server; content:"Content-Type|3a| image/svg|2b|xml"; http_header; file_data; content:"|3c|svg xmlns="; distance:0; content:"style|3d 22|fill|3a 20 23|ffffff|22|"; distance:0; content:"transform"; distance:0; pcre:"/^=\s*\x22\s*[^\s\x22\x28]{1000}/iR"; reference:bugtraq,43717; reference:url,www.microsoft.com/technet/security/bulletin/MS10-081.mspx; classtype:attempted-admin; sid:2012174; rev:5;)

Added 2011-10-12 19:33:38 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Microsoft Windows Common Control Library Heap Buffer Overflow"; flow:established,from_server; content:"Content-Type|3a| image/svg|2b|xml"; http_header; file_data; content:"|3c|svg xmlns="; distance:0; content:"style|3d 22|fill|3a 20 23|ffffff|22|"; distance:0; content:"transform"; distance:0; pcre:"/^=\s*\x22\s*[^\s\x22\x28]{1000}/iR"; classtype:attempted-admin; reference:bugtraq,43717; reference:url,www.microsoft.com/technet/security/bulletin/MS10-081.mspx; sid:2012174; rev:5;)

Added 2011-02-04 17:32:04 UTC


Topic revision: r2 - 2012-04-05 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats