#alert tcp $EXTERNAL_NET any -> $HOME_NET 7700 (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; pcre:"/[0-9a-zA-Z]{10}/R"; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; classtype:misc-attack; sid:2007933; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Added 2018-09-13 19:39:30 UTC
Added 2018-09-13 17:53:39 UTC
#alert tcp $EXTERNAL_NET any -> $HOME_NET 7700 (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; pcre:"/[0-9a-zA-Z]{10}/R"; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; classtype:misc-attack; sid:2007933; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Added 2017-08-07 21:01:09 UTC
#alert tcp $EXTERNAL_NET any -> $HOME_NET 7700 (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; pcre:"/[0-9a-zA-Z]{10}/R"; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; classtype:misc-attack; sid:2007933; rev:8;)
Added 2012-08-31 21:47:21 UTC
#alert tcp $EXTERNAL_NET any -> $HOME_NET 7700 (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; pcre:"/[0-9a-zA-Z]{10}/R"; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; classtype:misc-attack; sid:2007933; rev:8;)
Added 2012-08-31 18:30:04 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET 7700 (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; fast_pattern:only; pcre:"/[0-9a-zA-Z]{10,}/R"; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; classtype:misc-attack; sid:2007933; rev:8;)
Added 2011-10-12 19:24:07 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET 7700 (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; fast_pattern:only; pcre:"/[0-9a-zA-Z]{10,}/R"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; sid:2007933; rev:8;)
Added 2011-09-14 22:37:35 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET 7700 (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; fast_pattern:only; pcre:"/[0-9a-zA-Z]{10,}/R"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Zilab; sid:2007933; rev:8;)
Added 2011-02-04 17:27:01 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; pcre:"/[0-9a-zA-Z]{10,}/R"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Zilab; sid:2007933; rev:4;)
Added 2010-02-12 13:31:56 UTC
False positive on a jpg image from www.soft-files.com (74.63.193.226)
000 : 48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F 4B 0D HTTP/1.1 200 OK.
...
0f0 : 37 30 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 70..Connection:
100 : 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43 6F 6E 74 Keep-Alive..Cont
110 : 65 6E 74 2D 54 79 70 65 3A 20 69 6D 61 67 65 2F ent-Type: image/
120 : 6A 70 65 67 0D 0A 0D 0A FF D8 FF E0 00 10 4A 46 jpeg..........JF
130 : 49 46 00 01 01 01 00 60 00 60 00 00 FF DB 00 43 IF.....`.`.....C
140 : 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0A 0C ................
150 : 14 0D 0C 0B 0B 0C 19 12 13 0F 14 1D 1A 1F 1E 1D ................
160 : 1A 1C 1C 20 24 2E 27 20 22 2C 23 1C 1C 28 37 29 ... $.' ",#..(7)
170 : 2C 30 31 34 34 34 1F 27 39 3D 38 32 3C 2E 33 34 ,01444.'9=82<.34
180 : 32 FF DB 00 43 01 09 09 09 0C 0B 0C 18 0D 0D 18 2...C...........
190 : 32 21 1C 21 32 32 32 32 32 32 32 32 32 32 32 32 2!.!222222222222
1a0 : 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 2222222222222222
1b0 : 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 2222222222222222
1c0 : 32 32 32 32 32 32 FF C0 00 11 08 00 [21 00 21 03] 222222......!.!.
IanR
--
IanR - 02 Sep 2010
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; pcre:"/[0-9a-zA-Z]{10,}/R"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Zilab; sid:2007933; rev:4;)
Added 2010-02-12 13:31:56 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; distance:0; pcre:"/[0-9a-zA-Z]{10,}/"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Zilab; sid:2007933; rev:3;)
Added 2009-02-07 22:00:26 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; distance:0; pcre:"/[0-9a-zA-Z]{10,}/"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Zilab; sid:2007933; rev:3;)
Added 2009-02-07 22:00:26 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; distance:0; pcre:"/[0-9a-zA-Z]{10,}/"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; sid:2007933; rev:2;)
Added 2008-05-18 19:52:13 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; distance:0; pcre:"/[0-9a-zA-Z]{10,}/"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; sid:2007933; rev:2;)
Added 2008-05-18 19:52:13 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; content:"|21 00 21 03|"; distance:0; pcre:"/[0-9a-zA-Z]{10,}/"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; sid:2007933; rev:1;)
Added 2008-03-07 15:22:46 UTC