alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Yahoo DataGrid ActiveX CLSID in Use"; flow:from_server,established; content:"CLSID"; nocase; content:"5F810AFC-BB5F-4416-BE63-E01DD117BD6C"; nocase; distance:0; within:40; reference:url,isc.sans.org/diary.html?storyid=3929; classtype:web-application-attack; sid:2007814; rev:2;)
Added 2008-02-05 16:01:18 UTC
CLSID was erroneously reported with a trailing 2 in the vuln reports. Corrected.
--
MattJonkman - 05 Feb 2008
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Yahoo DataGrid ActiveX CLSID in Use"; flow:from_server,established; content:"CLSID"; nocase; content:"5F810AFC-BB5F-4416-BE63-E01DD117BD6C"; nocase; distance:0; within:40; reference:url,isc.sans.org/diary.html?storyid=3929; classtype:web-application-attack; sid:2007814; rev:2;)
Added 2008-02-05 16:01:18 UTC
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Yahoo DataGrid ActiveX CLSID in Use"; flow:from_server,established; content:"CLSID"; nocase; content:"5F810AFC-BB5F-4416-BE63-E01DD117BD6C2"; nocase; distance:0; within:40; reference:url,isc.sans.org/diary.html?storyid=3929; classtype:web-application-attack; sid:2007814; rev:1;)
Added 2008-02-05 13:50:04 UTC