Snort Rule released on BleedingSnort for the Windows Javascript vulnerability
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"BLEEDING-EDGE CURRENT EVENTS Microsoft Internet
Explorer Window() Possible Code Execution"; flow:established,from_server;
content:"window"; nocase; pcre:"/[=:'"s]windows*(s*)/i";
reference:url,secunia.com/advisories/15546; \ reference:url,www.computerterrorism.com/research/ie/ct21-11-2005;
reference:cve,2005-1790; classtype:attempted-user; sid:2002682; rev:1; )
Download it directly from here:
http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/sigs/CURRENT_EVENTS/CURRENT_Internet_Explorer?view=markup
Please let us know about problems with this rule, and/or when you notice sites hosting/performing this exploit.
thanks!
Mike Poor
Handler on Duty
Intelguardians
(msg:"BLEEDING-EDGE CURRENT EVENTS Microsoft Internet
Explorer Window() Possible Code Execution"; flow:established,from_server;
content:"window"; nocase; pcre:"/[=:'"s]windows*(s*)/i";
reference:url,secunia.com/advisories/15546; \ reference:url,www.computerterrorism.com/research/ie/ct21-11-2005;
reference:cve,2005-1790; classtype:attempted-user; sid:2002682; rev:1; )
Download it directly from here:
http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/sigs/CURRENT_EVENTS/CURRENT_Internet_Explorer?view=markup
Please let us know about problems with this rule, and/or when you notice sites hosting/performing this exploit.
thanks!
Mike Poor
Handler on Duty
Intelguardians
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments