List: emerging-sigs
Subject: [Emerging-Sigs] SIG: Yahoo Messenger yt.dll ActiveX Remote Code Execution Attempt
From: kevross33 () googlemail ! com (Kevin Ross)
Date: 2010-07-26 19:47:36
Message-ID: AANLkTimmdCejgv8-rG_jO-9_0qRqjXMsCWT0BX3iEmuq () mail ! gmail ! com
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Possible Yahoo Messenger yt.dll ActiveX Remote Code Execution Attempt"; flow:established,to_client; content:"clsid"; nocase; content:"72C24DD5-D70A-438B-8A42-98424B88AFB8"; nocase; distance:0; content:"Run"; nocase; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*72C24DD5-D70A-438B-8A42-98424B88AFB8/si"; classtype:attempted-user; reference:url,www.exploit-db.com/exploits/14473/; sid:1234001; rev:1;)

Regards, Kev
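
The following is an added example, not part of the original message: a Python approximation of the rule's payload options, run over constructed response bodies to show which option gates the alert in each case. It ignores flow state and stream reassembly, and the sample bodies and the names `evaluate` and `SAMPLES` are assumptions made for the illustration.

```python
import re

# Values copied from the rule in the message above.
CLSID = b"72C24DD5-D70A-438B-8A42-98424B88AFB8"
RULE_PCRE = re.compile(
    rb"<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*" + CLSID,
    re.IGNORECASE | re.DOTALL,  # the rule's /si modifiers
)

def evaluate(payload: bytes) -> dict:
    """Approximate each payload option of the rule on one response body."""
    low = payload.lower()
    first = low.find(b"clsid")                       # content:"clsid"; nocase;
    # content:"<CLSID>"; nocase; distance:0;  -> must start after the "clsid" match
    clsid_hit = first != -1 and low.find(CLSID.lower(), first + len(b"clsid")) != -1
    run_hit = b"run" in low                          # content:"Run"; nocase; (anywhere)
    pcre_hit = RULE_PCRE.search(payload) is not None
    return {"clsid": clsid_hit, "run": run_hit, "pcre": pcre_hit,
            "alert": clsid_hit and run_hit and pcre_hit}

# Constructed response bodies (not captured traffic).
SAMPLES = {
    "object_tag_and_run": b"<html><object id='t' classid='clsid:" + CLSID +
        b"'></object><script>t.Run(/* arguments omitted */)</script></html>",
    "braces_lowercase": b'<OBJECT ID="t" CLASSID="CLSID:{' + CLSID.lower() +
        b'}"></OBJECT><script>t.run()</script>',
    "object_tag_no_run": b'<object id="yt" classid="clsid:{' + CLSID + b'}"></object>',
    "text_mention_only": b"<p>Advisory: control clsid " + CLSID +
        b" exposes a Run method.</p>",
    "other_control": b'<object classid="clsid:00000000-0000-0000-0000-000000000000">'
        b"</object><p>Run the installer.</p>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:20} {evaluate(body)}")
```

The `text_mention_only` case shows the role of the pcre: both content matches hit on a page that merely names the control, and only the `<OBJECT ... classid=` requirement keeps it from alerting.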