alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Internet Explorer execCommand function Use after free Vulnerability 0day"; flow:established,to_client; file_data; content:".execCommand|28|"; nocase; fast_pattern; pcre:"/^[\r\n\s]*[\x22\x27](s|\\(x|u00)[57]3)(e|\\(x|u00)[46]5)(l|\\(x|u00)[46]c)(e|\\(x|u00)[46]5)(c|\\(x|u00)[46]3)(t|\\(x|u00)[57]4)(A|\\(x|u00)[46]1)(l|\\(x|u00)[46]c){2}/Ri"; content:".write("; nocase; content:"parent|2e|"; nocase; distance:0; pcre:"/^\w+?\^\?+?\]\.src[\r\n\s]*=/Ri"; content:"onselect"; nocase; reference:url,eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/; reference:cve,CVE-2012-4969; classtype:attempted-user; sid:2015711; rev:6;)

Added 2014-09-19 17:22:44 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Internet Explorer execCommand fuction Use after free Vulnerability 0day"; flow:established,to_client; file_data; content:".execCommand|28|"; nocase; fast_pattern; pcre:"/^[\r\n\s]*[\x22\x27]selectAll/Ri"; content:".write("; nocase; content:"parent|2e|"; nocase; distance:0; pcre:"/^\w+?\^\?+?\]\.src[\r\n\s]*=/Ri"; content:"onselect"; nocase; reference:url,eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/; classtype:attempted-user; sid:2015711; rev:2;)

Added 2012-09-18 15:30:25 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Internet Explorer execCommand fuction Use after free Vulnerability 0day"; flow:established,to_client; file_data; content:".execCommand|28|"; nocase; fast_pattern; pcre:"/^[\r\n\s]*[\x22\x27]selectAll/Ri"; content:".write("; nocase; content:"parent|2e|"; nocase; distance:0; pcre:"/^\w+?\^\?+?\]\.src/R"; content:"onload"; nocase; reference:url,eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/; classtype:attempted-user; sid:2015711; rev:1;)

Added 2012-09-17 19:48:03 UTC


Topic revision: r1 - 2014-09-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats