#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Microsoft Publisher Array Indexing Memory Corruption SET"; flow:from_server,established; flowbits:isset,OLE.CompoundFile; content:"MSPublisher"; flowbits:set,ms.publisher.file; flowbits:noalert; reference:cve,2010-3995; reference:url,www.microsoft.com/technet/security/bulletin/MS10-103.mspx; classtype:attempted-user; sid:2012519; rev:4;)

Added 2012-03-15 10:52:25 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Microsoft Publisher Array Indexing Memory Corruption SET"; flow:from_server,established; flowbits:isset,OLE.CompoundFile; content:"MSPublisher"; flowbits:set,ms.publisher.file; flowbits:noalert; reference:cve,2010-3995; reference:url,www.microsoft.com/technet/security/bulletin/MS10-103.mspx; classtype:attempted-user; sid:2012519; rev:4;)

Added 2011-10-12 19:34:33 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Microsoft Publisher Array Indexing Memory Corruption SET"; flow:from_server,established; flowbits:isset,OLE.CompoundFile; content:"MSPublisher"; flowbits:set,ms.publisher.file; flowbits:noalert; classtype:attempted-user; reference:cve,2010-3995; reference:url,www.microsoft.com/technet/security/bulletin/MS10-103.mspx; sid:2012519; rev:4;)

Added 2011-03-17 21:40:58 UTC


Topic revision: r1 - 2012-03-15 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats