alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB Chilkat Mail
ActiveX? 7.8
ChilkatCert?.dll Insecure Method Vulnerability"; flow:to_client,established; content:"CLSID"; nocase; content:"2A9A3D40-2F32-45BF-9A89-AC9ED6C2FEDF"; nocase; pcre:"/.*\.(ini|exe|dll|bat|com|cab|txt)/i"; content:"SaveLastError"; nocase; distance:0; within:40; classtype:web-application-attack; reference:bugtraq,27493; reference:url,www.milw0rm.com/exploits/5005; sid:2007819; rev:2;)
Added 2008-05-18 20:33:02 UTC
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB Chilkat Mail
ActiveX? 7.8
ChilkatCert?.dll Insecure Method Vulnerability"; flow:to_client,established; content:"CLSID"; nocase; content:"2A9A3D40-2F32-45BF-9A89-AC9ED6C2FEDF"; nocase; pcre:"/.*\.(ini|exe|dll|bat|com|cab|txt)/i"; content:"SaveLastError"; nocase; distance:0; within:40; classtype:web-application-attack; reference:bugtraq,27493; reference:url,www.milw0rm.com/exploits/5005; sid:2007819; rev:2;)
Added 2008-05-18 20:33:02 UTC
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Chilkat Mail
ActiveX? 7.8
ChilkatCert?.dll Insecure Method Vulnerability"; flow:to_client,established; content:"CLSID"; nocase; content:"2A9A3D40-2F32-45BF-9A89-AC9ED6C2FEDF"; nocase; pcre:"/.*\.(ini|exe|dll|bat|com|cab|txt)/i"; content:"SaveLastError"; nocase; distance:0; within:40; classtype:web-application-attack; reference:bugtraq,27493; reference:url,www.milw0rm.com/exploits/5005; sid:2007819; rev:1;)
Added 2008-02-06 10:24:10 UTC