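# Client-side signature for the Comodo AntiVirus 2.0 ActiveX ExecuteStr() remote
# command execution issue (CVE-2008-0470, Bugtraq ID 27424).
#
# Alerts on established server-to-client TCP traffic from $EXTERNAL_NET:$HTTP_PORTS
# to $HOME_NET when the payload contains all of:
#   - "clsid" (case-insensitive)
#   - the control's CLSID 309F674D-E4D3-46BD-B9E2-ED7DFD7FD176 (case-insensitive)
#   - the method name "ExecuteStr" (case-sensitive: this content has no nocase)
#   - a ".exe", ".bat" or ".ftp" token (case-insensitive pcre)
#
# The rule must stay on one physical line. The msg text was repaired from a wiki
# rendering that had wrapped it across three lines and inserted "?" after
# "AntiVirus" and "ExecuteStr"; the detection options are unchanged.
#
# NOTE(review): the content matches have no distance/within ordering and the pcre
# is unanchored (its leading ".*" adds nothing), so any response carrying these
# strings plus an unrelated ".exe"/".bat"/".ftp" will alert. Treat hits as
# "possible" and confirm against the captured page body.
# NOTE(review): "ExecuteStr" is matched case-sensitively, unlike the two contents
# before it. Consider adding nocase (with a rev bump) if script on the page may
# spell the method in a different case.
# NOTE(review): no HTTP buffer modifiers are used, so matching is presumably on the
# raw stream. Verify how the sensor handles compressed or chunked response bodies.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Comodo AntiVirus 2.0 ExecuteStr() Remote Command Execution Vulnerability"; flow:to_client,established; content:"clsid"; nocase; content:"309F674D-E4D3-46BD-B9E2-ED7DFD7FD176"; nocase; content:"ExecuteStr"; pcre:"/.*\.(exe|bat|ftp)/i";reference:cve,CVE-2008-0470; reference:bugtraq,27424; reference:url,www.milw0rm.com/exploits/4974; classtype:web-application-attack; sid:2007887; rev:1;)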
Added 2008-02-27 12:14:31 UTC