Rule History

alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Microsoft Multimedia Controls - ActiveX control's spline function call Object"; flow:from_server,established; content:" DirectAnimation.PathControl"; content:".Spline|28|"; nocase; pcre:"/new[\r\n\s]*ActiveXObject[\r\n\s]*\([\r\n\s]*(\x22DirectAnimation\.PathControl\x22|\x27DirectAnimation\.PathControl\x27)[\r\n\s]*\)|(\w+)[\r\n\s]*=[\r\n\s]*(\x22DirectAnimation\.PathControl\x22|\x27DirectAnimation\.PathControl\x27)[\r\n\s]*\x3b.*new[\r\n\s]*ActiveXObject[\r\n\s]*\([\r\n\s]*\1[\r\n\s]*\)/smi"; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=28841; reference:cve,2006-4446; classtype:attempted-user; sid:2003103; rev:10; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2010_07_30, deployment Perimeter, confidence Medium, signature_severity Major, tag ActiveX, updated_at 2019_07_26;)